This guide applies to Mac computers
About the World Writable Files Parameter
The “Checking Library and System Folders for World Writable Files” parameter is a Blueprint parameter in Iru Endpoint that audits Mac computers for files with overly permissive permissions. This parameter helps identify and remediate security vulnerabilities caused by world writable files.
How It Works
This parameter scans Library and System folders for world writable files and can attempt to remediate them if found, helping maintain system security by identifying files with overly permissive permissions.
What are World Writable Files?
World writable files in macOS are files or directories that any user on the system can modify. While this might seem convenient, it poses significant security risks. Any user, including those with malicious intent, can alter these files, potentially leading to unauthorized changes, data corruption, or even system compromise. Being aware of these files is crucial because they can be exploited to inject malicious code or disrupt services. Regularly auditing and managing file permissions helps maintain system integrity and security. Ensuring that world writable permissions are minimized or eliminated is a fundamental step in protecting your Mac computers from potential vulnerabilities.
Auditing for and Remediating World Writable Files in the Library Folder
A Parameter can be configured in both Assignment Maps and Classic Blueprints to audit for world writable files located in the Library folder and attempt to remediate them if found. To configure the Parameter:
1. Access Parameters: Navigate to your desired Assignment Map or Classic Blueprint, and click Parameters.
2. Edit Parameters: Select Edit Parameters. If this is the first Parameter you’re adding, select Add Parameters in your Assignment Map or Enable Parameters in your Classic Blueprint.
3. Search for Parameter: In the search field, enter “world writable”.
4. Enable Parameter: Locate the “Check Library folder for world writable files” Parameter, and enable it by toggling the switch.
5. Configure Exclusions: Optionally, configure directory exclusions where needed.
6. Save Configuration: Click Save.
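The audit, exclusion and remediation behavior described in this section can be reproduced by hand with find and chmod. The following is an added example, not Iru's own code: the function names ww_scan and make_sample_tree are hypothetical, and the sample tree is constructed to stand in for /Library.

```shell
#!/bin/sh
# Added example, not Iru's implementation. Function names are hypothetical.

# ww_scan MODE ROOT [EXCLUDED_DIR ...]
#   MODE=list  print entries under ROOT whose "other" write bit is set
#   MODE=fix   clear that bit with chmod o-w
# Symlinks are skipped; each EXCLUDED_DIR is pruned with everything below it.
# Exclusions are matched by find -path, so glob characters act as patterns.
ww_scan() {
    mode=$1 root=$2
    shift 2
    n=$#
    while [ "$n" -gt 0 ]; do    # turn each exclusion into: -path X -prune -o
        excl=$1
        shift
        set -- "$@" -path "$excl" -prune -o
        n=$((n - 1))
    done
    case $mode in
        list) find "$root" -xdev "$@" ! -type l -perm -0002 -print ;;
        fix)  find "$root" -xdev "$@" ! -type l -perm -0002 -exec chmod o-w {} + ;;
        *)    echo "usage: ww_scan list|fix ROOT [EXCLUDED_DIR ...]" >&2
              return 2 ;;
    esac
}

# Constructed sample tree standing in for /Library; prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/Caches" "$t/LaunchDaemons" "$t/Application Support"
    chmod 755 "$t/LaunchDaemons" "$t/Application Support"
    : > "$t/Caches/scratch.db"
    : > "$t/LaunchDaemons/com.example.agent.plist"
    : > "$t/Application Support/settings.json"
    chmod 1777 "$t/Caches"          # intentionally shared; excluded below
    chmod 666 "$t/Caches/scratch.db"
    chmod 666 "$t/LaunchDaemons/com.example.agent.plist"   # the finding
    chmod 644 "$t/Application Support/settings.json"
    echo "$t"
}
```

On a Mac the root would be /Library and the commands would need sudo; run list and review its output before running fix with the same exclusions.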
Auditing for World Writable Files in the System Folder
Because of Apple’s System Integrity Protection (SIP), world writable files found in the System folder cannot be remediated automatically. Manual intervention is required to resolve alerts for world writable files found in this location.
1. Access Parameters: Navigate to your desired Assignment Map or Classic Blueprint, and click Parameters.
2. Edit Parameters: Select Edit Parameters. If this is the first Parameter you’re adding, select Add Parameters in your Assignment Map or Enable Parameters in your Classic Blueprint.
3. Search for Parameter: In the search field, enter “world writable”.
4. Enable Parameter: Locate the “Check System folder for world writable files” Parameter, and enable it by toggling the switch.
5. Configure Mute Option: Optionally, mute the Parameter if you want to receive alerts quietly.
6. Save Configuration: Click Save.