Date:      Thu, 13 Sep 2001 10:13:52 -0400 (EDT)
From:      Kenneth W Cochran <kwc@world.std.com>
To:        Chip Norkus <wd@arpa.com>
Cc:        freebsd-security@freebsd.org, freebsd-stable@freebsd.org
Subject:   Re: Default user directory (adduser) filemode
Message-ID:  <200109131413.KAA29159@world.std.com>
References:  <200109131317.JAA25490@world.std.com> <20010913134223.B389613121@netcom1.netcom.com>

Sounds reasonable...  But sysinstall --> UserAdd doesn't
use the adduser Perl script, but the pw command.
Just MHO, but I think the defaults are too "loose," not
well-documented, and not easily auditable.

Should I file a PR, maybe?

CC'ing to -security...

-kc

>Date: Thu, 13 Sep 2001 09:56:22 -0400
>From: Chip Norkus <wd@arpa.com>
>To: freebsd-stable@FreeBSD.ORG
>Subject: Re: Default user directory (adduser) filemode
>
>On Thu Sep 13, 2001; 06:42AM -0700 Mike Harding used 1.4K bytes
>of bandwidth to send the following:
>> 'adduser' is a perl script, search it for '755' and you will find
>> where the permissions are set, it's trivial to change in the source,
>> although logically this could be a configuration parameter.  The
>> script is in /usr/sbin/adduser.
>
>Additionally, if you change your umask, mkdir(2) (which is what is used by
>adduser) will be restricted.  So, if you want files created to be completely
>restricted from group/other access, you might do:
># (umask 077;adduser)
>A more useful value (especially if you are supporting something like
>'public_html' in user directories) would be a umask of 066, or maybe even
>026.
>
>For more info see `man 2 umask` and `man chmod`.
>
>> - Mike H.
>> 
>>    Date: Thu, 13 Sep 2001 09:17:51 -0400 (EDT)
>>    From: Kenneth W Cochran <kwc@world.std.com>
>> 
>>    Hello -stable:
>> 
>>    I notice that when I add a user to FreeBSD, either from adduser
>>    or from /stand/sysinstall --> UserAdd(sp?), the default filemode
>>    of the user's home directory is 755.  So far, I can't find
>>    (something like) a config-option for this (i.e., in
>>    /etc/adduser.conf).  Is this a bug or a feature(tm)?  :)
>> 
>>    OS is -stable (RELENG_4), as of 8 September 2001.
>> 
>>    Thanks,
>> 
>>    -kc
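
Added example, not part of the original thread: a shell sketch of the umask effect described in the quoted reply, plus a check for home directories that group or other can reach, which is the auditability concern raised above. The function names and temp paths are assumptions made here; plain mkdir requests mode 777 rather than the 755 the thread says adduser uses, which gives the same result for the umask values shown.

```shell
#!/bin/sh
# Added example: shows how umask shapes a new home directory's mode and
# flags homes that group/other can reach. All paths are constructed temp dirs.

# perm_of PATH: print the 10-character type+permission string from ls -ld.
perm_of() {
    ls -ld "$1" | cut -c1-10
}

# home_mode_under_umask UMASK: create a directory in a subshell running with
# that umask (so the caller's umask is untouched) and print its mode string.
home_mode_under_umask() {
    hm_tmp=$(mktemp -d) || return 1
    ( umask "$1" && mkdir "$hm_tmp/home" ) || return 1
    perm_of "$hm_tmp/home"
    rm -rf "$hm_tmp"
}

# list_loose_homes BASE: print "mode path" for every directory directly under
# BASE that grants any permission bit to group or other.
list_loose_homes() {
    for ll_dir in "$1"/*/; do
        [ -d "$ll_dir" ] || continue
        ll_perm=$(perm_of "${ll_dir%/}")
        case $ll_perm in
            d???------) ;;                                  # owner-only
            *) printf '%s %s\n' "$ll_perm" "${ll_dir%/}" ;;
        esac
    done
}

# Demo: the umask values mentioned in the thread, plus 022, which yields
# the 755 mode the original question asks about.
for um in 022 077 066 026; do
    printf 'umask %s -> %s\n' "$um" "$(home_mode_under_umask "$um")"
done
```

Pointing list_loose_homes at the real home base (for example /home) lists every account whose directory is not owner-only, so a 711 home kept for public_html shows up alongside the 755 ones.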
