System Administration Guide: Security Services

Securing Files

Because the SunOS operating system is a multiuser system, file system security is the most basic, and most important, security issue on a system. You can use either the traditional UNIX file protection or the more secure access control lists (ACLs) to protect your files.

Also, many executable programs have to be run as root (that is, as superuser) to work properly. These executables run with the user ID set to 0 (setuid=0). Anyone who is running these programs runs them with the root ID, which creates a potential security problem if the programs are not written with security in mind.

Except for the executables that are shipped with the setuid bit set to root, you should disallow the use of setuid programs, or at least restrict them and keep them to a minimum.
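One way to keep setuid programs to a minimum is to compare the setuid files on a file system against a list of approved files. The following script is an added example, not part of the original guide; the function names `list_setuid` and `unapproved_setuid` and the one-path-per-line baseline file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): audit setuid files against a baseline.
# Assumption: the baseline is a plain text file, one absolute path per line,
# listing the setuid executables that are approved (for example, those shipped
# with the system). Paths containing newlines are not handled.

# list_setuid DIR [OWNER]
# Print regular files under DIR owned by OWNER (default: root) with the
# setuid bit set, sorted.
list_setuid() {
    dir=$1
    owner=${2:-root}
    # -perm -4000 : setuid bit is set, other mode bits are ignored
    # -xdev       : do not cross into other mounted file systems
    find "$dir" -xdev -type f -user "$owner" -perm -4000 -print 2>/dev/null | sort
}

# unapproved_setuid DIR BASELINE [OWNER]
# Print setuid files found under DIR that are absent from BASELINE.
unapproved_setuid() {
    dir=$1
    baseline=$2
    owner=${3:-root}
    sorted=$(mktemp) || return 2
    sort "$baseline" > "$sorted"
    # comm -23 keeps lines that appear only in the first input (the scan)
    list_setuid "$dir" "$owner" | comm -23 - "$sorted"
    rm -f "$sorted"
}

# When called with arguments, run the audit:
#   sh audit_setuid.sh /usr /var/adm/setuid.baseline
if [ $# -ge 2 ]; then
    unapproved_setuid "$@"
fi
```

Any path the script prints is a setuid file that was not in the approved list and should be reviewed before it is left in place.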