Date: Thu, 13 Sep 2001 10:13:52 -0400 (EDT)
From: Kenneth W Cochran
Message-Id: <200109131413.KAA29159@world.std.com>
To: Chip Norkus
Subject: Re: Default user directory (adduser) filemode
Cc: freebsd-security@freebsd.org, freebsd-stable@freebsd.org
References: <200109131317.JAA25490@world.std.com> <20010913134223.B389613121@netcom1.netcom.com>

Sounds reasonable... But sysinstall --> UserAdd doesn't use
the adduser Perl script, but the pw command.

Just MHO, but I think the defaults are too "loose," not
well-documented, and not easily auditable.

Should I file a PR, maybe?

CC'ing to -security...

-kc

>Date: Thu, 13 Sep 2001 09:56:22 -0400
>From: Chip Norkus
>To: freebsd-stable@FreeBSD.ORG
>Subject: Re: Default user directory (adduser) filemode
>
>On Thu Sep 13, 2001; 06:42AM -0700 Mike Harding used 1.4K bytes
>of bandwidth to send the following:
>> 'adduser' is a perl script, search it for '755' and you will find
>> where the permissions are set, it's trivial to change in the source,
>> although logically this could be a configuration parameter. The
>> script is in /usr/sbin/adduser.
>
>Additionally, if you change your umask, mkdir(2) (which is what is used by
>adduser) will be restricted. So, if you want files created to be completely
>restricted from group/other access, you might do:
># (umask 077;adduser)
>A more useful value (especially if you are supporting something like
>'public_html' in user directories) would be a umask of 066, or maybe even
>026.
>
>For more info see `man 2 umask` and `man chmod`.
>
>> - Mike H.
>>
>> Date: Thu, 13 Sep 2001 09:17:51 -0400 (EDT)
>> From: Kenneth W Cochran
>>
>> Hello -stable:
>>
>> I notice that when I add a user to FreeBSD, either from adduser
>> or from /stand/sysinstall --> UserAdd(sp?), the default filemode
>> of the user's home directory is 755. So far, I can't find
>> (something like) a config-option for this (i.e., in
>> /etc/adduser.conf). Is this a bug or a feature(tm)? :)
>>
>> OS is -stable (RELENG_4), as of 8 September 2001.
>>
>> Thanks,
>>
>> -kc
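Added example, not part of the original thread or of FreeBSD's own tools: shell functions that compute the mode a home directory gets when it is created with a requested mode of 755 under each umask mentioned in the thread, and that audit existing home directories for group/other access. The function names and the /home default are assumptions.

```shell
#!/bin/sh
# Added example; function names and the /home default are assumptions.

# Mode a directory ends up with when created with a requested mode under a
# umask: requested & ~umask. Arguments are octal strings, e.g. "755" "077".
effective_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# Octal permission bits of a path: GNU stat first, BSD stat as fallback.
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Print "<mode> <path>" for every directory directly under $1 (default
# /home) whose mode grants any permission to group or other.
audit_homes() {
    base=${1:-/home}
    for d in "$base"/*/; do
        d=${d%/}
        # Skip unmatched globs and symlinks; only real directories count.
        if [ ! -d "$d" ] || [ -L "$d" ]; then continue; fi
        m=$(mode_of "$d") || continue
        # The low six bits (077) are the group and other permissions.
        if [ $(( 0$m & 077 )) -ne 0 ]; then
            printf '%s %s\n' "$m" "$d"
        fi
    done
}

# Requested mode 755 (the adduser default from the thread) under the
# umask values discussed above, plus the common default 022.
for u in 022 077 066 026; do
    printf 'umask %s -> %s\n' "$u" "$(effective_mode 755 "$u")"
done
```

Run `audit_homes` with no argument to check /home, or pass another base directory. An empty result means no home directory grants group or other access.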