The files in /proc directory are world-writable in CentOS. What are the effects of these permissions on the security of the Linux server? Is it ok to change their world-writable permissions? Executing the following command lists world writeable files.

find / -type f -perm -002 -ls | more

The files in the /proc directory are not real files because they are created automatically. They tell the OS where to find different settings and resources. One might also notice that they are all 0Kb in size. Changing their permissions won’t be a good idea because it could cause the system to break down.

Details of the first few files are given below.

[root@backup ~]#  for i in `find / -type f -perm -002 -ls | awk '{print $NF}' | head` ; do echo ; echo $i ; echo; echo "file command output" ; file $i ; echo; echo "stat command output" ; stat $i ; echo; echo; done

/proc/sys/kernel/ns_last_pid

file command output
/proc/sys/kernel/ns_last_pid: empty

stat command output
  File: /proc/sys/kernel/ns_last_pid
  Size: 0         	Blocks: 0          IO Block: 1024   regular empty file
Device: 5h/5d	Inode: 64893971    Links: 1
Access: (0666/-rw-rw-rw-)  Uid: (    0/    root)   Gid: (    0/    root)
Context: system_u:object_r:sysctl_kernel_ns_last_pid_t:s0
Access: 2022-09-17 07:18:31.975664037 +0200
Modify: 2022-09-17 07:18:31.975664037 +0200
Change: 2022-09-17 07:18:31.975664037 +0200
 Birth: -



/proc/1/task/1/attr/current

file command output
/proc/1/task/1/attr/current: empty

stat command output
  File: /proc/1/task/1/attr/current
  Size: 0         	Blocks: 0          IO Block: 1024   regular empty file
Device: 5h/5d	Inode: 21806       Links: 1
Access: (0666/-rw-rw-rw-)  Uid: (    0/    root)   Gid: (    0/    root)
Context: system_u:system_r:init_t:s0
Access: 2022-06-09 00:19:08.635093551 +0200
Modify: 2022-06-09 00:19:08.635093551 +0200
Change: 2022-06-09 00:19:08.635093551 +0200
 Birth: -



/proc/1/task/1/attr/exec

file command output
/proc/1/task/1/attr/exec: empty

stat command output
  File: /proc/1/task/1/attr/exec
  Size: 0         	Blocks: 0          IO Block: 1024   regular empty file
Device: 5h/5d	Inode: 64895079    Links: 1
Access: (0666/-rw-rw-rw-)  Uid: (    0/    root)   Gid: (    0/    root)
Context: system_u:system_r:init_t:s0
Access: 2022-09-17 07:18:31.995663792 +0200
Modify: 2022-09-17 07:18:31.995663792 +0200
Change: 2022-09-17 07:18:31.995663792 +0200
 Birth: -



/proc/1/task/1/attr/fscreate

file command output
/proc/1/task/1/attr/fscreate: empty

stat command output
  File: /proc/1/task/1/attr/fscreate
  Size: 0         	Blocks: 0          IO Block: 1024   regular empty file
Device: 5h/5d	Inode: 21810       Links: 1
Access: (0666/-rw-rw-rw-)  Uid: (    0/    root)   Gid: (    0/    root)
Context: system_u:system_r:init_t:s0
Access: 2022-06-09 00:19:09.033093554 +0200
Modify: 2022-06-09 00:19:09.033093554 +0200
Change: 2022-06-09 00:19:09.033093554 +0200
 Birth: -



/proc/1/task/1/attr/keycreate

file command output
/proc/1/task/1/attr/keycreate: empty

stat command output
  File: /proc/1/task/1/attr/keycreate
  Size: 0         	Blocks: 0          IO Block: 1024   regular empty file
Device: 5h/5d	Inode: 64895080    Links: 1
Access: (0666/-rw-rw-rw-)  Uid: (    0/    root)   Gid: (    0/    root)
Context: system_u:system_r:init_t:s0
Access: 2022-09-17 07:18:31.995663792 +0200
Modify: 2022-09-17 07:18:31.995663792 +0200
Change: 2022-09-17 07:18:31.995663792 +0200
 Birth: -



/proc/1/task/1/attr/sockcreate

file command output
/proc/1/task/1/attr/sockcreate: empty

stat command output
  File: /proc/1/task/1/attr/sockcreate
  Size: 0         	Blocks: 0          IO Block: 1024   regular empty file
Device: 5h/5d	Inode: 21968       Links: 1
Access: (0666/-rw-rw-rw-)  Uid: (    0/    root)   Gid: (    0/    root)
Context: system_u:system_r:init_t:s0
Access: 2022-06-09 00:19:09.903093562 +0200
Modify: 2022-06-09 00:19:09.903093562 +0200
Change: 2022-06-09 00:19:09.903093562 +0200
 Birth: -



/proc/1/attr/current

file command output
/proc/1/attr/current: empty

stat command output
  File: /proc/1/attr/current
  Size: 0         	Blocks: 0          IO Block: 1024   regular empty file
Device: 5h/5d	Inode: 1242        Links: 1
Access: (0666/-rw-rw-rw-)  Uid: (    0/    root)   Gid: (    0/    root)
Context: system_u:system_r:init_t:s0
Access: 2022-06-09 00:19:05.816999998 +0200
Modify: 2022-06-09 00:19:05.816999998 +0200
Change: 2022-06-09 00:19:05.816999998 +0200
 Birth: -



/proc/1/attr/exec

file command output
/proc/1/attr/exec: empty

stat command output
  File: /proc/1/attr/exec
  Size: 0         	Blocks: 0          IO Block: 1024   regular empty file
Device: 5h/5d	Inode: 64895287    Links: 1
Access: (0666/-rw-rw-rw-)  Uid: (    0/    root)   Gid: (    0/    root)
Context: system_u:system_r:init_t:s0
Access: 2022-09-17 07:18:31.998663755 +0200
Modify: 2022-09-17 07:18:31.998663755 +0200
Change: 2022-09-17 07:18:31.998663755 +0200
 Birth: -



/proc/1/attr/fscreate

file command output
/proc/1/attr/fscreate: empty

stat command output
  File: /proc/1/attr/fscreate
  Size: 0         	Blocks: 0          IO Block: 1024   regular empty file
Device: 5h/5d	Inode: 64895288    Links: 1
Access: (0666/-rw-rw-rw-)  Uid: (    0/    root)   Gid: (    0/    root)
Context: system_u:system_r:init_t:s0
Access: 2022-09-17 07:18:31.998663755 +0200
Modify: 2022-09-17 07:18:31.998663755 +0200
Change: 2022-09-17 07:18:31.998663755 +0200
 Birth: -



/proc/1/attr/keycreate

file command output
/proc/1/attr/keycreate: empty

stat command output
  File: /proc/1/attr/keycreate
  Size: 0         	Blocks: 0          IO Block: 1024   regular empty file
Device: 5h/5d	Inode: 64895289    Links: 1
Access: (0666/-rw-rw-rw-)  Uid: (    0/    root)   Gid: (    0/    root)
Context: system_u:system_r:init_t:s0
Access: 2022-09-17 07:18:31.998663755 +0200
Modify: 2022-09-17 07:18:31.998663755 +0200
Change: 2022-09-17 07:18:31.998663755 +0200
 Birth: -

Is it okay to change the permissions of files and folders inside /proc

Leave a Reply Cancel reply