chkconfig modifies permissions of files under /etc/xinetd.d

Solution Verified - Updated -

Issue

Per Defense Information Systems Agency (DISA) Red Hat 5 Security Technical Implementation Guide (STIG) item GEN003740, files in /etc/xinetd.d must have permission 0640 or less permissive. The installed default permission for these files is 0644.

However, with the files in /etc/xinetd.d set to the correct permissions (0640), if a service (such as tftp) is enabled or disabled (via "chkconfig tftp on" or "chkconfig tftp off"), the /etc/xinetd.d/tftp file's permissions are reset to 0644. Further, the SELinux attributes of the file are reset and no longer match the rest of the files in the /etc/xinetd.d folder.

For example:

# ls -lZ /etc/xinetd.d/
...
-rw-r--r--  root root system_u:object_r:etc_t:s0       tftp
...
# chmod 0640 /etc/xinetd.d/*
# ls -lZ /etc/xinetd.d
...
-rw-r-----  root root system_u:object_r:etc_t:s0       tftp
...
# chkconfig tftp off
# ls -lZ /etc/xinetd.d
...
-rw-r--r--  root root user_u:object_r:etc_t:s0         tftp
...

Note that the file "tftp" now has permissions 0644 again, and its SELinux user has changed from system_u to user_u.
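
Because a later "chkconfig <service> on|off" can silently undo the chmod shown above, it helps to re-check the directory after every such change. The following is an added example, not part of the original article and not Red Hat's documented resolution: the function names are this example's own, GNU find is assumed, and it is assumed that the system's SELinux file-context policy holds the label you want restored.

```shell
#!/bin/sh
# Added example: audit xinetd service files against the 0640-or-less-permissive
# requirement cited above (GEN003740). Function names are hypothetical.

# Print every regular file directly under $1 whose mode has any bit outside
# 0640: owner execute, group write/execute, any "other" bit, or
# setuid/setgid/sticky. 7777 & ~0640 = 7137, and "-perm /7137" (GNU find)
# matches a file when any one of those bits is set.
xinetd_find_loose() {
    find "$1" -maxdepth 1 -type f -perm /7137 | sort
}

# Re-apply 0640 to each offending file. If restorecon is installed, also force
# the SELinux context back to the policy default (-F resets the user and role
# as well as the type). Succeeds only when no offending file remains.
xinetd_fix_loose() {
    dir=$1
    xinetd_find_loose "$dir" | while IFS= read -r f; do
        chmod 0640 "$f"
        if command -v restorecon >/dev/null 2>&1; then
            restorecon -F "$f" 2>/dev/null || true
        fi
        echo "fixed: $f"
    done
    [ -z "$(xinetd_find_loose "$dir")" ]
}

# Stand-alone use: sh this-script /etc/xinetd.d   (report only, changes nothing)
if [ "$#" -gt 0 ]; then
    xinetd_find_loose "$1"
fi
```

Run the report after each chkconfig change; xinetd_fix_loose modifies files and is meant to be called deliberately, as root.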

Environment

  • Red Hat Enterprise Linux (RHEL) 6.4
