From: "H. S."
To: freebsd-hackers@freebsd.org
Date: Wed, 23 Mar 2005 11:41:13 -0600 (CST)
Subject: Re: passwd & permissions
Message-ID: <50376.81.84.174.5.1111599673.squirrel@mail.revolutionsp.com>
In-Reply-To: <20050321125200.GA87158@ei.bzerk.org>

> On Sun, Mar 20, 2005 at 01:26:57PM -0600, H. S. typed:
>> Hey,
>>
>> I'm using FreeBSD on various servers for a long time now, and there is
>> something that always bothered me. It is related to /etc/passwd and
>> /etc/pwd.db permissions.
>>
>> I have custom (0640) permissions on these files. However, each time a
>> user
>
> Be careful not to get yourself a false sense of security. e.g. if your
> goal is to hide information about your users, there are many other ways
> to get the info without having to open /etc/passwd or /etc/pwd.db
>
> example:
>
> /usr/sbin/pw usershow -a
>
> Ruben
>
>

[????/ttyp0] username:/home/username$ ./pw usershow -a
[????/ttyp0] username:/home/username$

(no output)

Since pw is not setuid, if it can't read any of the passwd files, it will
not print the full userlist.

I have very customized (and tested, over the years) permissions on the
whole filesystem. That is why I wanted to find out why some permissions
get back to system defaults whenever I install a port. The most prominent
cases are /usr/local/sbin/ (gets back to rwx rx rx) and /usr/local/www
(rwx rx rx and chgrp wheel, I have a different group owning the directory).

Any idea about what to fix in order to make the system stop resetting my
permissions when I install ports?

Thanks!
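
The permission reset described in this message can be caught by recording a baseline before a port install and comparing afterwards. The script below is an added example, not part of the original message or of FreeBSD; the names perm_line, snapshot and drift and the baseline file format are assumptions, and the demo uses a constructed scratch directory in place of /usr/local/sbin.

```sh
#!/bin/sh
# Added example: baseline and drift check for directory permissions.
# perm_line/snapshot/drift and the baseline file format are assumptions
# of this example, not FreeBSD tools.

# Print "mode owner group path" for one path (GNU stat first, then BSD stat).
perm_line() {
    [ -e "$1" ] || { printf 'MISSING - - %s\n' "$1"; return 0; }
    if out=$(stat -c '%a %U %G %n' "$1" 2>/dev/null); then
        printf '%s\n' "$out"
    else
        stat -f '%Lp %Su %Sg %N' "$1"
    fi
}

# snapshot BASELINE PATH...: record the current state of each path.
snapshot() {
    base=$1; shift
    : > "$base"
    for p in "$@"; do perm_line "$p" >> "$base"; done
}

# drift BASELINE: print one line per changed path; return 1 if any changed.
drift() {
    rc=0
    while read -r mode owner group path; do
        now=$(perm_line "$path")
        if [ "$now" != "$mode $owner $group $path" ]; then
            printf 'DRIFT %s: was %s %s:%s, now %s\n' \
                "$path" "$mode" "$owner" "$group" "${now% "$path"}"
            rc=1
        fi
    done < "$1"
    return "$rc"
}

# Constructed demo: a scratch directory stands in for /usr/local/sbin.
# The chmod 755 imitates the reset to rwx rx rx described in the message.
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir "$tmp/sbin" && chmod 750 "$tmp/sbin"
    snapshot "$tmp/baseline" "$tmp/sbin"
    chmod 755 "$tmp/sbin"
    report=$(drift "$tmp/baseline") && status=0 || status=1
    printf '%s\n' "$report"
    rm -rf "$tmp"
    return "$status"
}
demo || echo "permissions changed since baseline"
```

On a real host, run snapshot over the customized paths before installing a port and drift afterwards; the DRIFT lines list exactly which modes or owners to restore.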