Oracle^® Solaris 11.3 Security and Hardening Guidelines

Protecting and Modifying Files

By default, only the root role can modify system file permissions. Roles and users who are assigned the solaris.admin.edit/path-to-system-file authorization can modify that system-file. Only the root role can search for all files.

Table 5  Protecting and Modifying Files Task Map

Task Description For Instructions Configure restrictive file permissions for regular users. Sets a more restrictive value than 022 for file permissions for regular users. How to Set a More Restrictive umask Value for Regular Users Specify ACLs to protect files at a finer granularity than regular UNIX file permissions. Extended security attributes can be useful in protecting files. Using File Attributes to Add Security to ZFS Files in Securing Files and Verifying File Integrity in Oracle Solaris 11.3 Specify an ACL to prevent the deletion of critical files, such as Oracle database logs. Sets the nounlink property on a file or directory so that the rm command fails even when run by the root role. Preventing Accidental Deletions With the nounlink Attribute in Securing Files and Verifying File Integrity in Oracle Solaris 11.3 Maintain system file integrity. Finds suspicious files through a script or by using BART. How to Find Files With Special File Permissions in Securing Files and Verifying File Integrity in Oracle Solaris 11.3