Learn the useful options of your version of the ls command.
If your system has access control lists (ACLs), learn how to use
them. Remember: do not depend on ACLs to protect files on NFS
partitions.
Set your umask to an appropriate value (e.g., 027 or 077).
Never write SUID/SGID shell scripts.
Periodically scan your system for SUID/SGID files.
Disable SUID on disk partition mounts (local and remote) unless it is
necessary.
Determine if write, chmod, chown, and chgrp operations on files clear
the SUID/SGID bits on your system. Get in the habit of checking files
based on this information.
Scan for device files on your system. Check their ownerships and
permissions to ensure that they are reasonable.
Consider using a cryptographic filesystem for sensitive data.
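
One way to carry out the periodic SUID/SGID scan and the device-file scan from the items above, as an added example that is not part of the original checklist. The function names and the idea of a saved baseline file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original checklist. Function names and the
# baseline file are hypothetical; only standard POSIX find/sort/comm are used.

# Print every regular file under $1 that has the SUID or SGID bit set.
# -xdev keeps find on one filesystem, so run it once per mounted partition.
scan_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# Print block and character device files under $1. Any result outside the
# system's device directory needs its ownership and permissions reviewed.
scan_devices() {
    find "$1" -xdev \( -type b -o -type c \) -print 2>/dev/null |
        LC_ALL=C sort
}

# Compare a fresh scan of $1 with the baseline list stored in $2 and print
# only the SUID/SGID paths that have appeared since the baseline was taken.
new_suid_sgid() {
    scan_suid_sgid "$1" | LC_ALL=C comm -13 "$2" -
}

# Typical use (paths are placeholders):
#   scan_suid_sgid / > /secure/suid.baseline     # record once, store read-only
#   new_suid_sgid / /secure/suid.baseline        # run periodically, e.g. cron
#   scan_devices /home                           # device files do not belong here
```

Keep the baseline on read-only or offline media so that someone who plants a SUID file cannot also edit the list it is compared against.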