From owner-freebsd-questions@FreeBSD.ORG Wed May 7 17:32:50 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D9317106567F for ; Wed, 7 May 2008 17:32:50 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: from be-well.ilk.org (dsl092-078-145.bos1.dsl.speakeasy.net [66.92.78.145]) by mx1.freebsd.org (Postfix) with ESMTP id A4B278FC16 for ; Wed, 7 May 2008 17:32:50 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: by be-well.ilk.org (Postfix, from userid 1147) id C3ED52847B; Wed, 7 May 2008 13:32:49 -0400 (EDT) To: freebsd-questions@freebsd.org References: <75bda7a00805071016u2bb3428x46bdfcb87e0cfdd7@mail.gmail.com> <75bda7a00805071016ncc40af6m847dbef0f1baf33@mail.gmail.com> From: Lowell Gilbert Date: Wed, 07 May 2008 13:32:49 -0400 In-Reply-To: <75bda7a00805071016ncc40af6m847dbef0f1baf33@mail.gmail.com> (Norman Maurer's message of "Wed\, 7 May 2008 19\:16\:58 +0200") Message-ID: <443aou10la.fsf@be-well.ilk.org> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: Fwd: Question about a recent installation X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-questions@freebsd.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 May 2008 17:32:50 -0000 "Norman Maurer" writes: > ---------- Forwarded message ---------- > From: Norman Maurer > Date: 2008/5/7 > Subject: Re: Question about a recent installation > To: Mario Vazquez > > > 2008/5/6 Mario Vazquez : > >> > > On May 5, 2008, at 6:17 PM, doug wrote: > > > > > > > To give limited priviledges I think sudo (as in linux??) would be > > > used. > > > > > > I concur that sudo is really a very good way of managing privileges. > > I don't even know the root passwords on the systems that I administer > > (OK, I do have them stored in a nice secured place if I ever do need > > them). > > > > Cheers, > > > > -j > > > > > > ---------------------------------- > > > > In fact, I use sudo for managing too. My question is not about > sudo itself, it's about the possible risks (if any) of having a > default installation (FreeBSD7-RELEASE) which assigns ownership of the > root folder to root:wheel, thus allowing anyone with wheel privileges > be able to see (and copy btw) root folder contents. > > > > I still not get the point.. If the files are create the default is a > umask of 022 anway. So if you want to protect your files in the root > folder to get accessed, use umask 066 and maybe chmod 700 /root. Perhaps more to the point of the question, there is nothing in /root on a default system which has any need of being kept secret. -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/