The onsecurity utility (UNIX)

The onsecurity utility checks the security of a file, directory, or path. It also troubleshoots the security problems if any are detected.

Purpose

Use the onsecurity command for one or more of the following purposes:
  • Check whether a path leading to a directory or a file is secure.
  • Generate diagnostic output that explains the nature of the security problem.
  • Generate a script that can be run user root to remedy the security problems. You can use the script as generated or modify it to meet your environment's security requirements.
  • For special circumstances only, specify that particular users, groups, or directories that are normally not trusted can be trusted by the Informix® utilities. Add the information to files in the /etc/informix directory.

Most frequently, when you run the command on the Informix® installation path, you receive a message that the path is secure. If the path is secure, you are not required to do any further work with the utility for the path.

Important: The onsecurity utility itself cannot change file permissions. It supports an extensive set of options by which you can specify how you would like the problem fixed, and upon request, it generates a script that user root can run to modify permissions or settings. Changes to file or directory permissions can result from user root running the script that onsecurity generates, but changes to permissions or settings cannot be made directly by any onsecurity command.

Syntax


1  onsecurity
1  %options +  path
1 -h
1 -V
1 -version
Options

1? +  -g group? +  -u user?  -i?  -n?  -e?  -p ? -d
2.1 -t
2.1 -v
2.1 -q
1?  -r? %fix actions
Fix actions

1?  -G
2.1 chmod
2.1  chgrp? =group
2.1 add?  -U
2.1  chown? =user
2.1 add?  -O
2.1 chmod
2.1 add

Parameters

The following table identifies the syntax terms of the onsecurity syntax diagram.

Element Purpose Key Considerations
path Specifies the directory or file path that the utility analyzes.
group Specifies a group name or a group number.
user Specifies a user name or user number.

The following table describes valid options for the onsecurity command.

Element Purpose Key Considerations
-d Prints debugging information. Implies the -v option.
-h Prints a help message listing the supported options and their functions.
-V Prints short version information and exits the command-line utility.
-version Prints extended version information and exits the command-line utility.
-t Prints a terse analysis of the path only if a security problem is detected.
-v Prints a verbose analysis of the path, regardless of whether a security problem is detected .
-q Runs the command in quiet mode. The command prints no information but just exits with a status of either 0 (all paths are secure) or 1 (at least one part of a path is not secure). No analysis of the security condition is displayed when you use this option, even if the path is not secure (status of 1).
-r Generates recommendation about how to fix security problems on the path, if there are any. If the utility detects a security problem in the path, it prints a diagnosis of the problem in a shell script that user root can run to fix the security problem.

Review the suggested remedy before running the script.

-g group Designates the specified group as trusted for this run of the onsecurity command. Other utilities do not trust this group. A group specified by this option is not added to the list of trusted groups in the /etc/informix subdirectory. If the specified group is already a trusted group, this option has no effect on the diagnostic output or the generated script.
-u user Designates the specified user as trusted for this run of the onsecurity command. Other utilities do not trust this user. A user specified by this option is not added to the list of trusted users in the /etc/informix subdirectory. If the specified user is already a trusted user, this option has no effect on the diagnostic output or the generated script.
-i Directs the onsecurity command to process directories belonging to user and group informix as not trusted. This option is generally more useful in checking the path security of non-Informix® software.
-n Directs the onsecurity command to process directories belonging to a system user or system group, such as sys or bin, as not trusted.
-e Directs the onsecurity command to not check files in /etc/informix.
-p Runs the onsecurity command in a mode that is appropriate for non-root installations. When you run the command with the -p option on a path to a non-root installation, you are adding your user login name to the list of trusted users. Also, when you run the command, this option:
  • Processes directories belonging to user and group informix as not trusted.
  • Excludes files in /etc/informix from the security check.
-G fix action Configure the security script that onsecurity generates so that directories with nonsecure group permissions are set as indicated by the specified action. If you do not specify the -G option, the command assumes that you intended to specify -G chmod.
-U fix action Configure the security script that onsecurity generates so that directories with nonsecure user permissions are set as indicated by the specified action. If you do not specify the -U option, the command assumes that you intended to specify -U chown.
-O fix action Configure the security script that onsecurity generates so that directories with nonsecure write access settings are set as indicated by the specified action. If you do not specify the -O option, the command assumes that you intended to specify -O chmod.
chgrp [=group] Changes the current group to the group that you specify. If you do not specify a group, changes the group to group 0 (which is called root, wheel, or system, depending on your operating system).
chown [=user] Changes the current owner to the user that you specify as a fix action. If you do not specify a user, changes the owner to user root.
chmod Removes write access of the group or user on directories, depending on whether the -G or -O option is invoked prior.
add
  • With -G option: Adds current nonsecure group assigned to directory to the /etc/informix/trusted.gids file
  • With -U option: Adds current nonsecure owner of directory to the /etc/informix/trusted.uids file
  • With -O option: Adds nonsecure directories to the etc/informix/trusted.insecure.directories file
Important: Use the add option in the onsecurity command only if there is no acceptable alternative. onsecurity -O add is particularly hazardous if you are not vigilant about the security of your system after running the command. You must not use the -O add option.

Usage

When the onsecurity utility detects a problem, it is crucial that you fix the problem before running any of the other Informix® utilities because they will exit reporting the same problem. Use the -r option to view the recommended actions to correct detected security flaws. If after reading the diagnostic output you realize that you want to configure the script to override the database server's security mechanisms to allow certain nonsecure users, groups, or directory permissions in the installation path, you can use the -r option with -G, -U, or -O.

When you use the -r option, a script is written to standard output that would fix security problems. The script is not run by the onsecurity utility. A user who has root privileges must review the proposed fix before running the script. The script cannot be run by a user who does not have root privileges.

To run the onsecurity utility so that it does not flag a specific group or specific user as a security problem, you can use the -g and -u options. For example, if you added -g 8714 or -g ccusers to the command line, the onsecurity utility would not report that the group is untrusted.

The -g and -u options do not change any directory settings and do not change what constitutes secure settings for the database server. These options affect only the diagnostic output of onsecurity; not the trusted entities in the /etc/informix/ subdirectories and not the script generated with the -r option.

The -p option is only useful for checking the security of a non-root installation path. This option implicitly has the properties of the -i, -e, and -u options.

Examples

The following example shows the output from running the onsecurity utility on a path that is secure:

$ onsecurity /usr/informix/11.50.FC4
# /usr/informix/11.50.FC4 resolves to /work4/informix/Operational/11.50.FC4
(path is trusted)

In the preceding example, the specified path /usr/informix/11.50.FC4 traverses at least one symbolic link to end up at the actual directory /work4/informix/Operational/11.50.FC4, but the whole path is secure.

The following example shows the output from running onsecurity on a path that is not secure:

$ onsecurity /work/informix/ids-11

# !!! SECURITY PROBLEM !!!
# /work/informix/ids-11 (path is not trusted)
# Analysis:
# User           Group          Mode Type Secure Name
# 0     root     0     root     0755 DIR    YES  /
# 0     root     0     root     0755 DIR    YES  /work
# 203   unknown  8714  ccusers  0777 DIR    NO   /work/informix
# 200   informix 102   informix 0755 DIR    NO   /work/informix/ids-11
# Name: /work/informix
# Problem: owner <unknown> (uid 203) is not trusted
# Problem: group ccusers (gid 8714) is not trusted but can modify the directory
# Problem: the permissions 0777 include public write access

In the preceding example, the informix directory of the path /work/informix has the following security flaws:

  • the owner of this directory is not a trusted user
  • the group that controls the directory is not trusted
  • the directory has public write access