Discussion:
/usr/HTTPServer/logs/cgisock=
(too old to reply)
j***@wellpoint.com
2012-12-18 18:59:43 UTC
Permalink
I am running Apache 2.0.59 on AIX 6.1. The web server is not running as root. It is running as a different user via sudo.

There is a file called cgisock= in /usr/HTTPServer/logs. The file is empty. The permissions are srwxrwxrwx. My company is scanning servers for files that are world-writable. They want me to remove the world write permission from all files. Is it safe for me to remove the world write permission from this file?

Thanks.

Jerry
I R A Darth Aggie
2012-12-21 14:11:01 UTC
Permalink
On Tue, 18 Dec 2012 10:59:43 -0800 (PST),
Post by j***@wellpoint.com
I am running Apache 2.0.59 on AIX 6.1. The web server is not running
as root. It is running as a different user via sudo.
Post by j***@wellpoint.com
There is a file called cgisock= in /usr/HTTPServer/logs. The file is
empty. The permissions are srwxrwxrwx. My company is scanning
servers for files that are world-writable. They want me to remove
the world write permission from all files. Is it safe for me to
remove the world write permission from this file?

It looks like it is simply a socket, and thus the rather expansive
file permissions. You can read more on the mod_cgid page:

http://httpd.apache.org/docs/2.0/mod/mod_cgid.html

"The socket will be opened using the permissions of the user
who starts Apache (usually root). To maintain the security of
communications with CGI scripts, it is important that no other
user has permission to write in the directory where the socket
is located."

You can probably manually change the permisions, but that will last
only until you reboot/restart Apache. Are you actually using an
external cgi daemon? you may not need this mod at all, so that would
be one solution.
--
Consulting Minister for Consultants, DNRC
I can please only one person per day. Today is not your day. Tomorrow
isn't looking good, either.
I am BOFH. Resistance is futile. Your network will be assimilated.
Loading...