From owner-freebsd-security Thu Apr 19 8:45:35 2001
Message-ID: <3ADF0819.B5882BE1@DougBarton.net>
Date: Thu, 19 Apr 2001 08:45:29 -0700
From: Doug Barton
Organization: Triborough Bridge & Tunnel Authority
To: Gerhard Sittig
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: /root and users home dir permissions
References: <20010418173927.A64529@icon.icon.bg> <20010418210425.S20830@speedy.gsinet>

Gerhard Sittig wrote:
>
> On Wed, Apr 18, 2001 at 17:39 +0300, Victor Ivanov wrote:
> >
> > I noticed /root is installed with mode=0755 (and updated every
> > time by installworld). It's the root home directory... some
> > admins (like me) are using it for keeping sensitive data away
> > from regular users. Shouldn't it be mode=0700 in
> > /etc/mtree/BSD.root.dist?
>
> a+rx on /root only means that this very directory can be listed
> and entered by anybody. There might be valid reasons for doing
> this . . .
> What keeps you from putting sensitive data into a directory one
> level deeper?

I agree. 755 for home dirs has a long standing tradition behind it, and
is very useful in shared environments. Anything that needs to be hidden can
be, in /root or elsewhere.

Doug
--
"One thing they don't tell you about doing experimental physics is that
sometimes you must work under adverse conditions ... like a state of
sheer terror."
    -- W. K. Hartmann

Do YOU Yahoo!?
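
The point made in the message above, as an added example that is not part of the thread: a POSIX shell check that lists what users outside the owner and group can actually reach under a home directory, judged by mode bits only. The sample tree, its file names and the function names are constructed for illustration; ACLs and file flags are not considered.

```shell
#!/bin/sh
# Added example (not from the thread): audit what "other" can reach
# under a home directory such as /root.

# exposed_entries DIR
# Prints every file or directory at or below DIR that has the o+r bit set
# and is not hidden behind a directory lacking o+x. Assumes the parents of
# DIR are themselves traversable, as / is for /root.
exposed_entries() {
    find "$1" \
        -type d ! -perm -001 -prune \
        -o \( -type f -o -type d \) -perm -004 -print
}

# build_demo
# Creates a constructed sample tree standing in for /root and prints its path.
build_demo() {
    demo=$(mktemp -d) || return 1
    mkdir "$demo/private" "$demo/pub"
    : > "$demo/.profile"
    : > "$demo/notes.txt"
    : > "$demo/private/keys.txt"
    : > "$demo/pub/readme"
    chmod 755 "$demo" "$demo/pub"     # the installed default under discussion
    chmod 700 "$demo/private"         # "a directory one level deeper"
    chmod 644 "$demo/.profile" "$demo/private/keys.txt" "$demo/pub/readme"
    chmod 600 "$demo/notes.txt"       # protected by its own mode instead
    printf '%s\n' "$demo"
}

# Run "sh thisfile --demo" to see the report for the sample tree.
if [ "${1:-}" = "--demo" ]; then
    d=$(build_demo) && exposed_entries "$d"
    rm -rf "$d"
fi
```

In the sample tree `private/keys.txt` is mode 644 yet is not reported, because the 0700 directory above it blocks traversal; changing the top directory to 0700 empties the report entirely.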