Date:      Sat, 7 Jul 2012 23:39:24 +0100
From:      Chris Rees <utisoft@gmail.com>
To:        grarpamp <grarpamp@gmail.com>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: Standard file permissions for /usr/local
Message-ID:  <CADLo83__gV=kdVGbVfZLc3Tm=g3WMi9_bLpGJdjGfHjn6RrhyQ@mail.gmail.com>
In-Reply-To: <CAD2Ti29f1M_KCR19o9gSJNxRe7=gWDiMcaV6W9qhsziFONBBQA@mail.gmail.com>
References:  <CAD2Ti29f1M_KCR19o9gSJNxRe7=gWDiMcaV6W9qhsziFONBBQA@mail.gmail.com>

On Jul 7, 2012 11:02 PM, "grarpamp" <grarpamp@gmail.com> wrote:
>
> Given a /usr/local populated only by ports (more specifically,
> packages), we have the following stats...
>
> /usr/local
>
> 54378 -r--r--r--
>    1 -r-sr-xr-x
> 1505 -r-xr-xr-x
> 21790 -rw-r--r--
>    9 -rw-rw-r--
>    1 -rws--x--x
>    1 -rwsr-x---
>    1 -rwsr-xr--
>    4 -rwsr-xr-x
>    4 -rwxr-sr-x
> 3515 -rwxr-xr-x
>    1 drwx------
> 6064 drwxr-xr-x
>    1 drwxrwsr-x
> 1638 lrwxr-xr-x
>    1 lrwxrwxrwx
>
> For /usr, we have...
>
> 24907 -r--r--r--
>    4 -r-sr-sr-x
>    3 -r-sr-x---
>   24 -r-sr-xr-x
>    8 -r-xr-sr-x
>  786 -r-xr-xr-x
>    2 -rw-------
>    8 -rw-r--r--
>    1 -rwxr-xr-x
> 1284 drwxr-xr-x
>    1 drwxrwxrwt
>  947 lrwxr-xr-x
>   34 lrwxrwxrwx
>
> Am I to, or should I, believe that there is some standard or preference
> such that files should not have mode u+w?
>
> Let's take a look at etc's 'configurables area' too...
>
> /usr/local/etc
>
>  198 -r--r--r--
>   19 -r-xr-xr-x
>   40 -rw-r--r--
>    1 drwx------
>   77 drwxr-xr-x
>   16 lrwxr-xr-x
>
> /etc
>
>   25 -r--r--r--
>    1 -r-x------
>  153 -r-xr-xr-x
>   20 -rw-------
>    1 -rw-r-----
>  121 -rw-r--r--
>    1 -rw-rw-r--
>    6 -rwx------
>   57 -rwxr-xr-x
>    2 drwx------
>   25 drwxr-xr-x
>    3 lrwxr-xr-x
>    4 lrwxrwxrwx
>
> Now see that I have amended my /usr/local perms after install such that
> root can more easily manage that tree. (I could have just as easily
> conformed it to u-w).
>
> 76179 -rw-r--r--
>    1 -rwsr-xr-x
> 5029 -rwxr-xr-x
> 6066 drwxr-xr-x
> 1639 lrwxr-xr-x
>
> I don't see the point in making things mode u-w?
> 'Security' cannot be the case, as even setting dirs u-w, schg,
> capabilities, read-only mount, etc will make no difference... for root,
> it's only annoying for a moment.
>
> What standard / guide am I missing that says u-w is the way (for at least
> the large majority of the files in the first two counts above)?

It's pointless having most files u+w, since they won't be edited, but
soonish I'm told that http://bugs.freebsd.org/157168 should be committed,
which will make conf files u+w.

Chris
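
Added example, not part of the original thread or of FreeBSD's tooling: one way to produce per-mode counts like those quoted above and to list the entries that carry setuid/setgid or group/world-write bits. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile
from collections import Counter

def tally_modes(root):
    """Return (Counter of ls-style mode strings, sorted list of (path, mode) to review)."""
    counts, review = Counter(), []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = dirnames + filenames
        if dirpath == root:
            entries = ["."] + entries  # count the top directory itself once
        for name in entries:
            path = os.path.normpath(os.path.join(dirpath, name))
            st = os.lstat(path)  # lstat: symlinks are counted as links, not followed
            mode = stat.filemode(st.st_mode)
            counts[mode] += 1
            if stat.S_ISLNK(st.st_mode):
                continue  # link permissions are not meaningful for this check
            special = st.st_mode & (stat.S_ISUID | stat.S_ISGID)
            loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
            if special or loose:
                review.append((path, mode))
    return counts, sorted(review)

def build_sample_tree():
    """Constructed sample tree (hypothetical names), not data from the thread."""
    root = tempfile.mkdtemp()
    layout = {"etc/sample.conf": 0o644, "bin/tool": 0o555, "bin/suid-tool": 0o4555,
              "share/doc.txt": 0o444, "share/shared.log": 0o664}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)  # explicit chmod so the umask does not matter
    for d in ("", "etc", "bin", "share"):
        os.chmod(os.path.join(root, d), 0o755)
    return root

if __name__ == "__main__":
    tree = build_sample_tree()
    counts, review = tally_modes(tree)
    for mode, n in sorted(counts.items()):
        print(f"{n:5d} {mode}")
    for path, mode in review:
        print("review:", mode, path)
```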


