STIGQter: STIG Summary: Oracle Linux 6 Security Technical Implementation Guide Version: 2 Release: 3 Benchmark Date: 23 Apr 2021

The sticky bit must be set on all public directories.

DISA Rule

SV-209038r603263_rule

Vulnerability Number

V-209038

Group Title

SRG-OS-000480

Rule Version

OL6-00-000336

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

When the so-called 'sticky bit' is set on a directory, only the owner of a given file may remove that file from the directory. Without the sticky bit, any user with write access to a directory may remove any file in the directory.

Setting the sticky bit prevents users from removing each other's files. In cases where there is no reason for a directory to be world-writable, a better solution is to remove that permission rather than to set the sticky bit.

However, if a directory is used by a particular application, consult that application's documentation instead of blindly changing modes.

To set the sticky bit on a world-writable directory [DIR], run the following command:

# chmod +t [DIR]

Check Contents

To find world-writable directories that lack the sticky bit, run the following command for each local partition [PART]:

# find [PART] -xdev -type d -perm -002 ! -perm -1000

If any world-writable directories are missing the sticky bit, this is a finding.
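The script below is an added example, not part of the STIG text or of STIGQter. It runs the check command above once per local partition and exits non-zero on a finding. The function names and the list of filesystem types treated as "local" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not DISA or STIGQter content): run the OL6-00-000336 check
# command against every local partition and report findings.

# Assumption: these filesystem types count as "local"; adjust for the host.
LOCAL_FS_TYPES='ext2|ext3|ext4|xfs|btrfs|tmpfs'

# Print the mount points of local filesystems from a mounts-format file
# (fields: device mountpoint fstype options ...). Defaults to /proc/mounts.
# Mount points containing spaces appear there as \040 and are not decoded.
local_mounts() {
    awk -v types="^($LOCAL_FS_TYPES)\$" '$3 ~ types { print $2 }' \
        "${1:-/proc/mounts}"
}

# List world-writable directories under $1 that lack the sticky bit.
# Same expression as the check command; -xdev keeps find on one filesystem.
find_unsticky() {
    find "$1" -xdev -type d -perm -002 ! -perm -1000
}

# Run the check on each local partition. Returns 1 if any directory is a
# finding, 0 otherwise. $1 is an optional mounts-format file.
audit_sticky() {
    status=0
    for part in $(local_mounts "$1"); do
        hits=$(find_unsticky "$part")
        if [ -n "$hits" ]; then
            printf 'FINDING on %s:\n%s\n' "$part" "$hits"
            status=1
        fi
    done
    return "$status"
}

# Run as root so find can read every directory: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_sticky /proc/mounts
    exit $?
fi
```

Review each reported directory before changing it: remove world-write permission where it is not needed, and use chmod +t only where the directory must stay world-writable.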

Documentable

False

Severity Override Guidance

To find world-writable directories that lack the sticky bit, run the following command for each local partition [PART]:

# find [PART] -xdev -type d -perm -002 ! -perm -1000

If any world-writable directories are missing the sticky bit, this is a finding.

Check Content Reference

M

Target Key

2928

Comments