From: Peter Risdon
Date: Mon, 19 Apr 2004 11:31:22 +0100
To: z3l3zt@hackunite.net
Cc: freebsd-questions@freebsd.org
Subject: Re: Why is the chmod values in /home insecure by default?

Jesper Wallin wrote:

>>Jesper Wallin wrote:
>>
>>>Hello..
>>>
>>>I'm running FreeBSD 5.2.1-RELEASE-p5 and when I create new user accounts with
>>>"adduser", the home directories are world readable/executable.. Sure, it might
>>>be useful if I want to publish a website in my public_html, but yet, it should
>>>be up to the user if he wants to have his homedir world-readable, but by default
>>>it should be set to "chmod 700" or "chmod 750" if each user has their own group
>>>imho. However, I saw that "adduser" had a config file (/etc/adduser.conf) but
>>>there is no manual entry for adduser.conf and I can't find any example for it..
>>>How can I change the default permission for new home-directories?
>>>
>>This might help:
>>
>>http://archives.neohapsis.com/archives/freebsd/2000-08/0361.html
>>
>>Basically, you need to change the permissions of the directory
>>/usr/share/skel and its contents.
>>
>>PWR.
>>
>
>Hello..
>
>First of all, thanks for your answer.. I tried to chmod both /etc/skel and
>/usr/share/skel to 700, yet it's not working.. I've checked in /usr/local/etc
>for any "skel" directory, but it's not there and the man page for "adduser"
>says it's /usr/share/skel (which doesn't work) ..
>

When I do it (and I chmod'ed the contents of /usr/share/skel as well as the
directory), I get a home directory with the permissions you mention, but all
the contents are 0700. Therefore no other user can see them.

But I can see this isn't quite what you asked for so I have just searched a
bit. Googling gives me a patch to adduser (you'd have to adjust this to get
the exact behaviour you're looking for):

http://lists.freebsd.org/pipermail/freebsd-bugs/2003-December/004620.html

And an elaboration of the type of workaround I originally suggested, at:

http://freebsdaddicts.org/modules.php?name=Sections&op=viewarticle&artid=2

HTH.

PWR.
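
An audit-and-fix pass for home directories that already exist, as an added example that is not part of the original message: it lists the directories that grant any access to "other" and sets the directory itself to one of the two modes proposed in the thread. The function names are hypothetical, and it assumes homes are direct subdirectories of one base directory and a find(1) that supports -mindepth/-maxdepth (FreeBSD and GNU both do).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes home directories are direct subdirectories of one base directory
# (e.g. /home) and that find(1) supports -mindepth/-maxdepth.

# Print every direct subdirectory of $1 that grants read, write or
# search permission to "other". Symlinks are not followed.
list_open_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print | sort
}

# Set each such directory (the directory only, not its contents) to $2.
# Only the two modes proposed in the thread are accepted.
tighten_homes() {
    case $2 in
        0700|0750) ;;
        *) echo "tighten_homes: mode must be 0700 or 0750" >&2; return 2 ;;
    esac
    find "$1" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -0004 -o -perm -0002 -o -perm -0001 \) \
        -print -exec chmod "$2" {} +
}

# Constructed sample tree standing in for /home.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/alice" "$tmp/bob" "$tmp/carol"
    chmod 0755 "$tmp/alice"   # world readable/executable, as the poster saw
    chmod 0700 "$tmp/bob"     # already private
    chmod 0751 "$tmp/carol"   # other can still traverse into it
    echo "open before:"; list_open_homes "$tmp"
    tighten_homes "$tmp" 0750 >/dev/null
    echo "open after:";  list_open_homes "$tmp"
    rm -rf "$tmp"
}
demo
```

Mode 0750 only keeps a home private when each user has their own group, as the original poster notes; otherwise use 0700.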