From owner-freebsd-security  Wed Apr 18  8:28:24 2001
Delivered-To: freebsd-security@freebsd.org
Received: from calliope.cs.brandeis.edu (calliope.cs.brandeis.edu [129.64.3.189])
	by hub.freebsd.org (Postfix) with ESMTP id 79E4C37B61C
	for <freebsd-security@FreeBSD.ORG>; Wed, 18 Apr 2001 08:28:10 -0700 (PDT)
	(envelope-from meshko@calliope.cs.brandeis.edu)
Received: from localhost (meshko@localhost)
	by calliope.cs.brandeis.edu (8.9.3/8.9.3) with ESMTP id LAA31520;
	Wed, 18 Apr 2001 11:27:42 -0400
Date: Wed, 18 Apr 2001 11:27:42 -0400 (EDT)
From: Mikhail Kruk <meshko@cs.brandeis.edu>
To: Victor Ivanov <v0rbiz@icon.bg>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: Re: /root and users home dir permissions
In-Reply-To: <20010418173927.A64529@icon.icon.bg>
Message-ID: <Pine.LNX.4.33.0104181057460.31356-100000@calliope.cs.brandeis.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Hi all,
>
> I noticed /root is installed with mode=0755 (and updated every time by
> installworld). It's the root home directory... some admins (like me) are
> using it for keeping sensitive data away from regular users. Shouldn't it
> be mode=0700 in /etc/mtree/BSD.root.dist?

I don't think changes like this can be made all of a sudden. Some people
might be using /root for something which requires it to be readable and we
don't want to break things...

> Also, when adding new users their home directories should be protected the
> same way. Am I wrong?

I strongly agree with that. This change seems to be ok in terms of
breaking existing systems and people have no business in other users'
directories.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message