Date: Wed, 23 Mar 2005 11:41:13 -0600 (CST) From: "H. S." <security@revolutionsp.com> To: freebsd-hackers@freebsd.org Subject: Re: passwd & permissions Message-ID: <50376.81.84.174.5.1111599673.squirrel@mail.revolutionsp.com> In-Reply-To: <20050321125200.GA87158@ei.bzerk.org> References: <49296.81.84.174.5.1111346817.squirrel@mail.revolutionsp.com> <20050321125200.GA87158@ei.bzerk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Sun, Mar 20, 2005 at 01:26:57PM -0600, H. S. typed: >> Hey, >> >> I'm using FreeBSD on various servers for many time now, and there is >> something that always bothered me. It is related to /etc/passwd and >> /etc/pwd.db permissions. >> >> I have custom (0640) permissions on these files. However, each time a >> user > > Be carefull not to get yourself a false sense of security. e.g. if your > goal > is to hide information about your users, there are many other ways > to get the info without having to open /etc/passwd or /etc/pwd.db > > example: > > /usr/sbin/pw usershow -a > > Ruben > > [????/ttyp0] username:/home/username$ ./pw usershow -a [????/ttyp0] username:/home/username$ (no output) Since pw is not setuid, if it can't read any of the passwd files, it will not print the full userlist. I have very customized (and tested, over the years) permissions on the whole filesystem. That is why I wanted to find out why some permissions get back to system defaults whenever I install a port. The most proeminent cases are /usr/local/sbin/ (gets back to rwx rx rx) and /usr/local/www (rwx rx rx and chgrp wheel, I have a different group owning the directory). Any idea about what to fix in order to make the system stop resetting my permissions when I install ports ? Thanks!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50376.81.84.174.5.1111599673.squirrel>