Thanks to all who responded. The couple of responses I received

     indicated that the directories should not be group writable, but the

     members of the group pose no real security threat.

     

     Another response was to point me to a script that will change the

     permissions of many files. This will be somthing worth looking into.

     

     Thanks again to:

     

     Michael Hill

     Casper Dik

     

     

     The following are their responses:

     

     

     

     There shouldn't be any problem doing so. But only the root, bin, sys,

     and adm accounts are in the group sys by default; the first should be

     tightly controlled, obviously, and the latter three shouldn't ever be

     logged into anyway. So unless you're handing out membership in group

     sys, it's not likely to be much of a security breach to have these

     group-writable. Having /dev/*mem and /dev/*dsk/c?t* (i.e. memory and

     the disk devices) readable by group sys is much more likely to be a

     problem if there were users in that group.

     

     --

     --Michael

     

     

     

     

     There's no reason for them to be group writable.

     

     

     Sun really ought to fix the permissions of those files; but it's been

     an uphill battle from within.

     

     There's some software I wrote to do thsi automatically:

     

     ftp.wins.uva.nl:/pub/solaris/auto-install/*

     

     

     the tar.gz file contains a script and a program that fixes ownership

     and permissions to mroe sane values.

     

     It creates an undo file so you can undo it if it breaks anything. By

     using my program, patches can still be applied.

     

     Casper