From owner-freebsd-security Wed Aug 30 13:39:40 2000
Delivered-To: freebsd-security@freebsd.org
Received: from testbed.baileylink.net (testbed.baileylink.net [63.71.213.24])
	by hub.freebsd.org (Postfix) with ESMTP id A701E37B424
	for ; Wed, 30 Aug 2000 13:39:36 -0700 (PDT)
Received: by testbed.baileylink.net (Postfix, from userid 1118)
	id C07512C912; Tue, 29 Aug 2000 11:26:06 -0500 (CDT)
Date: Tue, 29 Aug 2000 11:26:05 -0500
From: Brad Guillory
To: freebsd-security@freebsd.org
Subject: Re: adduser perm problem
Message-ID: <20000829112605.A975@baileylink.net>
Mail-Followup-To: freebsd-security@freebsd.org
References: <00082906200900.00680@reddog.yi.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: ; from rwatson@freebsd.org on Tue, Aug 29, 2000 at 12:10:56PM -0400
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

As best I can tell all you have to do is chmod the /etc/skel directory.
When the directory is copied adduser will then do this:

    system("chmod -R u+wrX,go-w $homedir");
    system("chown -R $name:$group $homedir");

so the default for /etc/skel is rwxr-xr-x; if you changed it to rwx------
or rwxr--r-- you will probably get what you want. The chmod mentioned
above will not change the mode at all.

I hope that this helps.

BMG

On Tue, Aug 29, 2000 at 12:10:56PM -0400, Robert Watson wrote:
>
> On Tue, 29 Aug 2000, specter wrote:
>
> > Perhaps I am missing something, but under 4.0 and 4.1-Release,
> > when adding a user via adduser, I see the perms on the created
> > home directory as "drwxr-xr-x", allowing any one to cd in and
> > view files.
> >
> > Is this normal behavior, or have I oopsed something on my
> > system?
>
> This is normal system behavior on FreeBSD and most UNIX-like operating
> systems. However, you can certainly imagine environments where you'd
> prefer an alternate home directory permission set, and it might be worth
> modifying adduser to support a command line argument (or configuration
> directive in adduser.conf) specifying a different permission set.
>
> I tend to create user home directories with the default open permissions,
> but also create public_html/ and private/ subdirectories, indicating that
> private material should be stored under the private directory. This seems
> to work fairly well in practice.
>
> Robert N M Watson
>
> robert@fledge.watson.org http://www.watson.org/~robert/
> PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
> TIS Labs at Network Associates, Safeport Network Services
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
   __O   | Information wants to be free!         |    __O   Bike
 _-\<,_  | FreeBSD:The Power to Serve (easily)   |  _-\<,_   to
(_)/ (_) | OpenBSD:The Power to Serve (securely) | (_)/ (_) Work

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
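
Added example, not part of the original message and not adduser's own code: a shell model of the copy-then-chmod sequence described in the message above, showing which skeleton directory modes survive `chmod -R u+wrX,go-w`. The temporary paths, the function names and the use of `cp -R` for the copy step are assumptions.

```shell
#!/bin/sh
# Added example: models the copy + chmod sequence quoted in the message.
# Works in a temporary directory; it never touches the real /etc/skel.

# Print a path's permission bits in octal (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# home_mode_after_adduser SKEL_MODE
# Build a skeleton directory with SKEL_MODE, copy it, apply the chmod from
# the message, and print the resulting home directory mode.
home_mode_after_adduser() (
    # umask 0: the copy keeps the skeleton mode, so only chmod's effect shows
    umask 0
    work=$(mktemp -d) || exit 1
    mkdir "$work/skel"
    : > "$work/skel/dot.profile"          # constructed sample dotfile
    chmod "$1" "$work/skel"
    cp -R "$work/skel" "$work/home"       # assumed stand-in for the copy step
    chmod -R u+wrX,go-w "$work/home"      # the chmod quoted in the message
    result=$(mode_of "$work/home")
    chmod -R u+rwx "$work"                # make sure cleanup can succeed
    rm -rf "$work"
    printf '%s\n' "$result"
)

# Compare the default skeleton mode with the restrictive and over-permissive ones.
for m in 755 700 744 777; do
    printf 'skel %s -> home %s\n' "$m" "$(home_mode_after_adduser "$m")"
done
```

The chmod only adds bits for the owner and only removes write for group and other, so a restrictive skeleton mode carries through to the new home directory unchanged, while a group- or world-writable skeleton is tightened to 755.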