Date: Fri, 22 Oct 2004 09:55:12 -0400
From: Bill Moran
To: "Jesper Wallin"
Cc: freebsd-security@freebsd.org
Subject: Re: Default permissions of /home/user..
Message-Id: <20041022095512.31d991ae.wmoran@potentialtech.com>
In-Reply-To: <1323.213.112.198.199.1098388008.squirrel@mail.hackunite.net>

"Jesper Wallin" wrote:

> Hello..
>
> I've asked this question before without getting any further help really..
> When a new user is added using "adduser" on 5.x (haven't really checked
> if it's the same under 4.x or not), the default homedir permission is 755
> (drwxr-xr-x) which to me, looks a bit insecure? It's of course pretty easy
> to solve it by a simple chmod, but yet, isn't there any way to change the
> default chmod value? Last time I asked about this, people told me to check
> out the skel directory, but the only thing you can do in there is to change the
> default chmod value of the files/directories _in_ the homedir, not the chmod
> values of the actual homedir.. I would be glad if someone could give me
> further assistance on how to solve this without manually modifying the "adduser"
> script.. and if this option doesn't exist, shouldn't it be added or is it just
> me who wants my homedir secure from other users? ;)

The adduser script does not determine the permissions on the home directory.
The pw command does that; adduser just calls pw.

I don't know, but perhaps if you change the permissions on /usr/share/skel
itself, the new directories created from it will have those permissions
(I haven't tried this, so I could be wrong).

pw doesn't seem to have an option to change the permissions on the home
directory at creation time. Possibly an option could be added to adduser
that reads the desired permissions from adduser.conf and changes them
after creation?

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
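
Added example, not part of the original thread and not FreeBSD's own code: the "change them after creation" approach discussed above, in POSIX shell. It flags home directories that leave any permission to "other" and resets them; the function names and the 750 default mode are assumptions.

```shell
#!/bin/sh
# Added example: tighten home directory modes after accounts are created.
# Function names and the 750 default are assumptions, not from the thread.

# has_other_access DIR
# True when DIR grants read, write or execute to "other"
# (the trailing r-x in drwxr-xr-x).
has_other_access() {
    [ -n "$(find "$1" -maxdepth 0 \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# tighten_homes BASE [MODE]
# chmod each flagged directory directly under BASE to MODE.
# Names of changed directories go to stderr; the count goes to stdout.
tighten_homes() {
    base=$1
    mode=${2:-750}
    changed=0
    for dir in "$base"/*/; do
        dir=${dir%/}
        [ -d "$dir" ] || continue      # glob matched nothing
        [ -L "$dir" ] && continue      # skip symlinks; chmod would follow them
        if has_other_access "$dir"; then
            if chmod "$mode" "$dir"; then
                echo "tightened: $dir" >&2
                changed=$((changed + 1))
            fi
        fi
    done
    echo "$changed"
}

# Typical call, run as root after adding users:
#   tighten_homes /home 750
```

Mode 750 still lets members of the directory's group in; pass 700 as the second argument to restrict access to the owner alone.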