From owner-freebsd-questions@FreeBSD.ORG Wed May 7 17:17:00 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 909D3106566C for ; Wed, 7 May 2008 17:17:00 +0000 (UTC) (envelope-from norman.maurer@googlemail.com) Received: from fk-out-0910.google.com (fk-out-0910.google.com [209.85.128.188]) by mx1.freebsd.org (Postfix) with ESMTP id 1FBF48FC14 for ; Wed, 7 May 2008 17:16:59 +0000 (UTC) (envelope-from norman.maurer@googlemail.com) Received: by fk-out-0910.google.com with SMTP id k31so467672fkk.11 for ; Wed, 07 May 2008 10:16:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; bh=Sn6EF64PCExcLqSmOmxAESiGJw9cqHY+dAkWDFjZYvQ=; b=RQAnClgsHyIyCWW8qAoQ0WGDP7OLxQy0YgYeK22Bo4KskCuhgR9EtfwRqcNaS55Ao/SseyYosanUuDzCqJkNuvrxbaix9N+KdYZj/MEZ0eWR98NmHBF2DWuA4nE+olSf5uWnCWW6nn/xIrsdDslEwi5Is0hUOphx8eNyGguf/QY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=message-id:date:from:sender:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references:x-google-sender-auth; b=mCmNmgY08uU52mRCg5pJVv/MZFkWauM+xhkFmmvM+ZC6iR9JA6of49KnkFEiNB9f7s2J6LMvskrE+S47eP1fh3i9fFnlgyErzvE/pD7OZtxeT/kD6WmQdZ/MK6oqp0NxxesfyOBFo1+plt87bHj+5cZ1ldnWs1xETvnYZWZCREU= Received: by 10.86.78.4 with SMTP id a4mr2082713fgb.73.1210180618626; Wed, 07 May 2008 10:16:58 -0700 (PDT) Received: by 10.86.97.12 with HTTP; Wed, 7 May 2008 10:16:58 -0700 (PDT) Message-ID: <75bda7a00805071016ncc40af6m847dbef0f1baf33@mail.gmail.com> Date: Wed, 7 May 2008 19:16:58 +0200 From: "Norman Maurer" Sender: norman.maurer@googlemail.com To: freebsd-questions@freebsd.org In-Reply-To: <75bda7a00805071016u2bb3428x46bdfcb87e0cfdd7@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <75bda7a00805071016u2bb3428x46bdfcb87e0cfdd7@mail.gmail.com> X-Google-Sender-Auth: 2846c635aa8ebea1 Subject: Fwd: Question about a recent installation X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 May 2008 17:17:00 -0000 ---------- Forwarded message ---------- From: Norman Maurer Date: 2008/5/7 Subject: Re: Question about a recent installation To: Mario Vazquez 2008/5/6 Mario Vazquez : > > On May 5, 2008, at 6:17 PM, doug wrote: > > > > To give limited priviledges I think sudo (as in linux??) would be > > used. > > > I concur that sudo is really a very good way of managing privileges. > I don't even know the root passwords on the systems that I administer > (OK, I do have them stored in a nice secured place if I ever do need > them). > > Cheers, > > -j > > > ---------------------------------- > > In fact, I use sudo for managing too. My question is not about sudo itself, it's about the possible risks (if any) of having a default installation (FreeBSD7-RELEASE) which assigns ownership of the root folder to root:wheel, thus allowing anyone with wheel privileges be able to see (and copy btw) root folder contents. > I still not get the point.. If the files are create the default is a umask of 022 anway. So if you want to protect your files in the root folder to get accessed, use umask 066 and maybe chmod 700 /root. Cheers Norman