From owner-freebsd-arch Wed Apr 18 10: 6:38 2001 Delivered-To: freebsd-arch@freebsd.org Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.13]) by hub.freebsd.org (Postfix) with SMTP id DCAB637B423 for ; Wed, 18 Apr 2001 10:06:21 -0700 (PDT) (envelope-from roam@orbitel.bg) Received: (qmail 1539 invoked by uid 1000); 18 Apr 2001 17:04:49 -0000 Date: Wed, 18 Apr 2001 20:04:49 +0300 From: Peter Pentchev To: Mikhail Kruk Cc: Victor Ivanov , freebsd-security@FreeBSD.org, freebsd-arch@FreeBSD.org Subject: Re: /root and users home dir permissions Message-ID: <20010418200449.D582@ringworld.oblivion.bg> Mail-Followup-To: Mikhail Kruk , Victor Ivanov , freebsd-security@FreeBSD.org, freebsd-arch@FreeBSD.org References: <20010418173927.A64529@icon.icon.bg> <20010418200206.C582@ringworld.oblivion.bg> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010418200206.C582@ringworld.oblivion.bg>; from roam@orbitel.bg on Wed, Apr 18, 2001 at 08:02:06PM +0300 Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Well, so I forgot to CC it to -arch :) So here we go again :) G'luck, Peter -- When you are not looking at it, this sentence is in Spanish. On Wed, Apr 18, 2001 at 08:02:06PM +0300, Peter Pentchev wrote: > CC'd to -arch, although I guess most of the people interested are > already on -security anyway.. > > On Wed, Apr 18, 2001 at 11:27:42AM -0400, Mikhail Kruk wrote: > > > Hi all, > > > > > > I noticed /root is installed with mode=0755 (and updated every time by > > > installworld). It's the root home directory... some admins (like me) are > > > using it for keeping sensitive data away from regular users. Shouldn't it > > > be mode=0700 in /etc/mtree/BSD.root.dist? > > > > I don't think changes like this can be made all of a sudden. Some people > > might be using /root for something which requires it to be readable and we > > don't want to break things... > > > > > Also, when adding new users their home directories should be protected the > > > same way. Am I wrong? > > > > I strongly agree with that. This change seems to be ok in terms of > > breaking existing systems and people have no business in other users' > > directories. > > OK, I think Victor shall cede the /root case - after all, we're all free > to make local mods to the mtree files and all, right? :) > > About adduser.. what do people think about the attached patch? > Or should that ugly regexp also check for numeric modes? Index: src/usr.sbin/adduser/adduser.perl =================================================================== RCS file: /home/ncvs/src/usr.sbin/adduser/adduser.perl,v retrieving revision 1.45 diff -u -r1.45 adduser.perl --- src/usr.sbin/adduser/adduser.perl 2001/04/17 09:42:07 1.45 +++ src/usr.sbin/adduser/adduser.perl 2001/04/18 16:59:19 @@ -39,6 +39,7 @@ $config_read = 1; # read config file $logfile = "/var/log/adduser"; # logfile $home = "/home"; # default HOME + $home_perm = "u+wrX,go-w"; # default permissions on HOME $etc_shells = "/etc/shells"; $etc_passwd = "/etc/master.passwd"; $group = "/etc/group"; @@ -219,6 +220,33 @@ return 0; } +# return the default permissions' string for HOME +sub home_permissions { + local($perm) = @_; + local($p) = $perm; + + return $p if !$verbose && $p eq &home_permissions_valid($p); + + while(1) { + $p = &confirm_list("Enter your default HOME permissions:", 1, $perm, ""); + last if $p eq &home_permissions_valid($p); + } + + $changes++ if $p ne $perm; + return $p; +} + +# check for valid permissions +sub home_permissions_valid { + local($perm) = @_; + + if ($perm =~ /^((([ugo]+[+-][rwxX]+),?)+)/) { + return $1; + } else { + return ""; + } +} + # check for valid passwddb sub passwd_check { system("$pwd_mkdb -C $etc_passwd"); @@ -939,16 +967,17 @@ if (!mkdir("$homedir", 0755)) { warn "$dir: $!\n"; return 0; } - system 'chown', "$name:$group", $homedir; + system("chmod", "$home_perm", "$homedir"); + system("chown", "$name:$group", "$homedir"); return !$?; } # copy files from $dotdir to $homedir # rename 'dot.foo' files to '.foo' print "Copy files from $dotdir to $homedir\n" if $verbose; - system("cp -R $dotdir $homedir"); - system("chmod -R u+wrX,go-w $homedir"); - system("chown -R $name:$group $homedir"); + system("cp", "-R", "$dotdir", "$homedir"); + system("chmod", "-R", "$home_perm", "$homedir"); + system("chown", "-R", "$name:$group", "$homedir"); # security opendir(D, $homedir); @@ -1332,6 +1361,9 @@ # default HOME directory ("/home") home = "$home" +# default permissions on HOME ("u+wrX,go-w") +home_perm = "$home_perm"; + # List of directories where shells located # path = ('/bin', '/usr/bin', '/usr/local/bin') path = ($shpath) @@ -1391,6 +1423,7 @@ &shells_add; # maybe add some new shells $defaultshell = &shell_default; # enter default shell $home = &home_partition($home); # find HOME partition +$home_perm = &home_permissions($home_perm); # set HOME permissions $dotdir = &dotdir_default; # check $dotdir $send_message = &message_default; # send message to new user $defaultpasswd = &password_default; # maybe use password To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message