From: Andrew McNaughton
To: Jesper Wallin
Cc: freebsd-security@freebsd.org
Date: Sat, 23 Oct 2004 02:34:07 +1300 (NZDT)
Subject: Re: Default permissions of /home/user..
Message-ID: <20041023022916.L21245@a2.scoop.co.nz>
In-Reply-To: <1323.213.112.198.199.1098388008.squirrel@mail.hackunite.net>

On Thu, 21 Oct 2004, Jesper Wallin wrote:

> Hello..
>
> I've asked this question before without getting any further help really..
> When a new user is added using "adduser" on 5.x (haven't really checked
> if it's the same under 4.x or not), the default homedir permission is 755
> (drwxr-xr-x) which to me, looks a bit insecure? It's of course pretty easy
> to solve it by a simple chmod, but yet, isn't there any way to change the
> default chmod value? Last time I asked about this, people told me to check
> out the skel directory, but the only thing you can do in there is to change the
> default chmod value of the files/directories _in_ the homedir, not the chmod
> values of the actual homedir.. I would be glad if someone could give me
> further assistance how to solve this without manually modifying the "adduser"
> script.. and if this option doesn't exist, shouldn't it be added or is it just
> me who wants my homedir secure from other users? ;)

By default, anyone can read a user's home directory, but because normally
no one is in the user's default group except the user themselves, no one else
can write to it.

If a user wants to restrict access to their entire home directory, they can
chmod their own home directory, but this is not really recommended. It's
better that they should make a restricted sub-directory for any restricted
content. That way they can create directories inside their home directory
with permissions such that they allow collaboration with whichever group is
appropriate.

Andrew McNaughton

--

No added Sugar.  Not tested on animals.  May contain traces of Nuts.  If
irritation occurs, discontinue use.

-------------------------------------------------------------------
Andrew McNaughton           Living in a shack in Tasmania
andrew@scoop.co.nz          Between the bush and the sea
Mobile: +61 422 753 792
http://staff.scoop.co.nz/andrew/cv.doc
http://www.scoop.co.nz/
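
The layout suggested in the reply above, as an added example that is not part of the original message: the home directory stays at 755, restricted content goes in a 0700 sub-directory, and a group-only directory handles collaboration. The directory names `private` and `shared`, the function names, and the scratch path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: runs against a scratch directory, not a real /home.
# The names "private" and "shared" are assumptions, not from the thread.

# Print the 10-character mode string (e.g. drwxr-xr-x) of a path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Lay out a home directory as the reply suggests.
#   $1 = home directory path
#   $2 = collaboration group (defaults to the caller's own gid)
setup_home_layout() {
    home=$1
    group=${2:-$(id -g)}

    # Home stays listable by others, writable only by the owner.
    mkdir -p "$home" && chmod 755 "$home" || return 1

    # Restricted content: created 0700 from the start, so there is no
    # window in which a umask-derived mode leaves it readable.
    mkdir -m 700 "$home/private" || return 1

    # Collaboration area: rwx for the group, nothing for others.
    # On FreeBSD new files take the directory's group; on Linux the
    # setgid bit (chmod 2770) is needed for the same effect.
    mkdir -m 770 "$home/shared" || return 1
    chgrp "$group" "$home/shared" || return 1
}

# Return 0 if "other" has no read, write or execute bit on the path.
closed_to_others() {
    case $(mode_of "$1") in
        ???????---) return 0 ;;
        *)          return 1 ;;
    esac
}

# Demo on a throwaway directory.
demo=$(mktemp -d) && setup_home_layout "$demo/alice" &&
    for d in "$demo/alice" "$demo/alice/private" "$demo/alice/shared"; do
        printf '%s %s\n' "$(mode_of "$d")" "${d#"$demo"/}"
    done
rm -rf "$demo"
```

`closed_to_others` can be pointed at any directory a user believes is private to confirm that the mode bits match that belief.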