From: c0ldbyte
To: "H. S."
Cc: freebsd-hackers@freebsd.org
Date: Mon, 21 Mar 2005 07:33:25 -0500 (EST)
Subject: Re: passwd & permissions

On Sun, 20 Mar 2005, H. S. wrote:

> Hey,
>
> I've been using FreeBSD on various servers for a long time now, and there is
> something that has always bothered me. It is related to /etc/passwd and
> /etc/pwd.db permissions.
>
> I have custom (0640) permissions on these files. However, each time a user
> changes his/her password, the system will reset the password file
> permissions back to the original (rw r r). I'm not much of a programmer,
> but I tried to change the passwd.c source to do an execl() at the end of the
> file (calling chmod). After trying it, the permissions were reset anyway,
> so I added a perror("execl") and it says permission denied. That should be
> because passwd dropped privileges at that part of the program. I've
> thought about a cron job to fix the permissions every X minutes, but I'd
> like a more "clean" option for this.
>
> Where in the system can I change the permission-reset behaviour? This
> also happens, for example, with /usr/local/sbin/ (rwx rx x are my
> permissions): after I upgrade any port, it will be rwx rx rx, and
> /usr/local/www too.
>
> I've edited the mtree/ files as it sounded like a good lead, but the
> behaviour remains.
>
> What should I do?
>
> Thanks.

About the easiest way to go about it would be to set the umask for the
passwd command while in operation. Your umask right now is probably 022,
which is causing passwd, when updating those files, to rewrite a new file
with 022 (0644) perms. Set your umask to something like 026 and that should
give files created during the time of execution the 0640 perms. Modifying
the code for passwd.c is senseless, since every time you update your source
to upgrade, your changes will be overridden.

--- Try the following ---

sh & compatible:

    alias passwd='umask 026 && passwd ; umask 022'

csh & compatible:

    alias passwd 'umask 026 && \passwd ; umask 022'

Guess if you're pretty good with shell scripts you could also make a wrapper
around passwd and put it in root's private bin.

Best regards:

--c0ldbyte
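
The wrapper suggested in the reply above, sketched as an added example that is not part of the original message or of FreeBSD's own code: it runs a command under a temporary umask in a subshell and then checks that the target file really ended up with the expected mode. The function names are hypothetical, and in the demo a scratch file and touch(1) stand in for the password files and passwd(1).

```shell
#!/bin/sh
# Added example: all function names here are hypothetical.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Run a command under a temporary umask. The subshell keeps the caller's
# own umask untouched, so nothing has to be reset to 022 afterwards.
with_umask() {
    mask=$1
    shift
    ( umask "$mask" && "$@" )
}

# Run a command under a umask, then verify that a file it writes has the
# expected mode. Returns 0 on match, 1 on drift, 2 if the command failed.
run_and_verify() {
    mask=$1 file=$2 want=$3
    shift 3
    with_umask "$mask" "$@" || return 2
    got=$(file_mode "$file")
    if [ "$got" = "$want" ]; then
        echo "ok: $file is $got"
    else
        echo "drift: $file is $got, expected $want" >&2
        return 1
    fi
}

# Constructed demo: scratch files and touch(1) stand in for the real
# password files and passwd(1), so this runs unprivileged.
demo() {
    dir=$(mktemp -d) || return 2
    run_and_verify 026 "$dir/a" 640 touch "$dir/a" &&
    run_and_verify 022 "$dir/b" 644 touch "$dir/b"
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

A umask only masks the mode requested when a file is created, so a file that already exists, or one the program chmods explicitly, keeps its bits; run_and_verify reports that case as drift instead of assuming the umask took effect.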