Date: Thu, 13 Sep 2001 17:33:51 +0300
From: Peter Pentchev <roam@ringlet.net>
To: Kenneth W Cochran <kwc@world.std.com>
Cc: Chip Norkus <wd@arpa.com>, freebsd-security@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: Default user directory (adduser) filemode
Message-ID: <20010913173351.C13432@ringworld.oblivion.bg>
In-Reply-To: <200109131413.KAA29159@world.std.com>; from kwc@world.std.com on Thu, Sep 13, 2001 at 10:13:52AM -0400
References: <200109131317.JAA25490@world.std.com> <20010913134223.B389613121@netcom1.netcom.com> <200109131413.KAA29159@world.std.com>

On Thu, Sep 13, 2001 at 10:13:52AM -0400, Kenneth W Cochran wrote:
> Sounds reasonable...  But sysinstall --> UserAdd doesn't
> use the adduser Perl script, but the pw command.
> Just MHO, but I think the defaults are too "loose," not
> well-documented, and not easily auditable.
>
> Should I file a PR, maybe?
>
> CC'ing to -security...

For adduser(8), you could try a patch that I wrote up a couple of weeks ago;
it's at http://people.FreeBSD.org/~roam/bsd/adduser-mode-RELENG_4.patch.gz

For pw(8), however, things are more complicated - including the fact
that pw(8) has no default configuration store.

G'luck,
Peter

-- 
This sentence every third, but it still comprehensible.

> >Date: Thu, 13 Sep 2001 09:56:22 -0400
> >From: Chip Norkus <wd@arpa.com>
> >To: freebsd-stable@FreeBSD.ORG
> >Subject: Re: Default user directory (adduser) filemode
> >
> >On Thu Sep 13, 2001; 06:42AM -0700 Mike Harding used 1.4K bytes
> >of bandwidth to send the following:
> >> 'adduser' is a perl script, search it for '755' and you will find
> >> where the permissions are set, it's trivial to change in the source,
> >> although logically this could be a configuration parameter.  The
> >> script is in /usr/sbin/adduser.
> >
> >Additionally, if you change your umask, mkdir(2) (which is what is used by
> >adduser) will be restricted.  So, if you want files created to be completely
> >restricted from group/other access, you might do:
> ># (umask 077;adduser)
> >A more useful value (especially if you are supporting something like
> >'public_html' in user directories) would be a umask of 066, or maybe even
> >026.
> >
> >For more info see `man 2 umask` and `man chmod`.
> >
> >> - Mike H.
> >>
> >> Date: Thu, 13 Sep 2001 09:17:51 -0400 (EDT)
> >> From: Kenneth W Cochran <kwc@world.std.com>
> >> Sender: owner-freebsd-stable@FreeBSD.ORG
> >> List-ID: <freebsd-stable.FreeBSD.ORG>
> >> List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
> >> List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
> >> List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
> >> List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
> >> X-Loop: FreeBSD.ORG
> >> Precedence: bulk
> >>
> >> Hello -stable:
> >>
> >> I notice that when I add a user to FreeBSD, either from adduser
> >> or from /stand/sysinstall --> UserAdd(sp?), the default filemode
> >> of the user's home directory is 755.  So far, I can't find
> >> (something like) a config-option for this (i.e., in
> >> /etc/adduser.conf).  Is this a bug or a feature(tm)? :)
> >>
> >> OS is -stable (RELENG_4), as of 8 September 2001.
> >>
> >> Thanks,
> >>
> >> -kc

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
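
An added example, not part of the original message and not FreeBSD's adduser code: a POSIX sh sketch that shows which home-directory mode each umask mentioned in the thread produces when the directory is requested as 755, and that lists home directories still granting group or other access. The function names and the /home default are assumptions.

```shell
#!/bin/sh
# Added example; function names and the /home default are assumptions.

# Octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# Mode a home directory gets when mkdir(2) is asked for 0755 (the value the
# thread says adduser uses) under umask $1.
home_mode_under() {
    tmp=$(mktemp -d "${TMPDIR:-/tmp}/umaskdemo.XXXXXX") || return 1
    # mkdir(1) requests 0777, so OR 022 into the umask to emulate a 0755
    # request: 0777 & ~(umask | 022) == 0755 & ~umask.
    ( umask "$(printf '%03o' $(( 0$1 | 022 )))"; mkdir "$tmp/home" )
    mode_of "$tmp/home"
    rm -rf "$tmp"
}

# Print "mode path" for every real directory directly under $1 that grants
# any permission bit to group or other.
loose_homes() {
    for d in "$1"/*/; do
        [ -d "$d" ] && [ ! -L "${d%/}" ] || continue
        m=$(mode_of "${d%/}")
        case $m in
            *00|0) ;;    # nothing for group or other
            *) printf '%s %s\n' "$m" "${d%/}" ;;
        esac
    done
}

# Default umask plus the three values discussed in the thread.
for um in 022 026 066 077; do
    printf 'umask %s -> mode %s\n' "$um" "$(home_mode_under "$um")"
done
# Audit existing home directories (pass another base directory as $1).
loose_homes "${1:-/home}"
```

With umask 066 the directory comes out as 711: other users can traverse into a known path such as public_html but cannot list the directory's contents.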