From: "Jesper Wallin"
To: freebsd-security@freebsd.org
Date: Sat, 23 Oct 2004 22:22:46 +0200 (CEST)
Subject: Re: Default permissions of /home/user..

Hello..

Sure, this works nice.. but yet, I did have to modify /usr/sbin/adduser ..

Also, some of you said it's bad having a homedir chmod 700, how come? Let's say I use the account for coding, IRC perhaps, mail, etc.. none of those things require more access than 700? All I can think of is public_html which needs o+x so nobody and/or www can access that directory..

I know, FreeBSD isn't Linux but most Linux systems run the same programs such as postfix, mysql, apache, openssh, etc.. and I know some distributions (like gentoo for example) which chmod it to 700 by default.. :)

Wouldn't it be nice to add a default option for this in adduser.conf, like chmod=755? Since there seem to be more than just me asking for such a feature. ;)

Best regards,
Jesper Wallin

ps, thanks for all replies :D

>> Sorry for my mistake - you use FreeBSD 5. The adduser command was changed
>> to sh script in it. I do not use 5, so sorry again.
>>
>> If your /usr/sbin/adduser has in the start of lines 278 to 280 word
>> "_pwcmd", add something like this after line 280:
>> _pwcmd="$_pwcmd && chmod 700 $_home"
>>
>> Command stored in $_pwcmd is executed on line 282. The user should be
>> added and homedir should be created. The addition above should chmod its
>> homedir to 700 (drwx------) automatically.
>>
>> !!! AGAIN, NOT TESTED !!!
>>
>> Peter Rosa
>
> Just a quick correction, you'll want to chmod $uhome not $_home. Having
> done that, you can consider your suggestion tested and working.
>
> Mark Magiera
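
An added example, not part of the thread or of FreeBSD's adduser: a portable sh audit of home directories that already exist, using the distinction raised above between 700 (private), traversal-only modes such as 711 (the public_html case) and anything more open. The function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Audit home-directory modes. Parses the mode column of `ls -ld`,
# which has the same layout on FreeBSD and Linux.

classify_home() {
    [ -d "$1" ] || return 2
    # Characters 5-10 of e.g. "drwx--x--x" are the group and other bits.
    go=$(ls -ld -- "$1" | cut -c5-10)
    case "$go" in
        ------)               echo private ;;        # 700
        --x---|-----x|--x--x) echo traverse-only ;;  # 710 / 701 / 711
        *)                    echo open ;;           # listable or writable by others;
                                                     # setgid/sticky also land here for review
    esac
}

audit_homes() {
    # Prints "<state> <path>" for every home under $1 that is not private.
    # Returns 1 if at least one home is "open", 0 otherwise.
    base=$1 bad=0
    for d in "$base"/*; do
        [ -d "$d" ] && [ ! -L "$d" ] || continue     # skip files and symlinks
        state=$(classify_home "$d")
        case "$state" in
            private) continue ;;
            traverse-only)
                # o+x is only needed so the web server can reach public_html
                [ -d "$d/public_html" ] || state="traverse-only (no public_html)" ;;
            open) bad=1 ;;
        esac
        echo "$state $d"
    done
    return "$bad"
}

# Constructed demo tree (not real accounts): sh audit.sh demo
if [ "${1:-}" = demo ]; then
    t=$(mktemp -d) && mkdir -p "$t/alice" "$t/bob/public_html" "$t/carol"
    chmod 700 "$t/alice"; chmod 711 "$t/bob"; chmod 755 "$t/carol"
    audit_homes "$t"; echo "exit status: $?"
    rm -rf "$t"
fi
```

On a real system, run `audit_homes /home` (or `/usr/home`) as root so every directory can be inspected.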