From: Chris Rees
To: grarpamp
Cc: freebsd-ports@freebsd.org
Date: Sat, 7 Jul 2012 23:39:24 +0100
Subject: Re: Standard file permissions for /usr/local
List-Id: Porting software to FreeBSD

On Jul 7, 2012 11:02 PM, "grarpamp" wrote:
>
> Given a /usr/local populated only by ports (more specifically,
> packages), we have the following stats...
>
> /usr/local
>
> 54378 -r--r--r--
>     1 -r-sr-xr-x
>  1505 -r-xr-xr-x
> 21790 -rw-r--r--
>     9 -rw-rw-r--
>     1 -rws--x--x
>     1 -rwsr-x---
>     1 -rwsr-xr--
>     4 -rwsr-xr-x
>     4 -rwxr-sr-x
>  3515 -rwxr-xr-x
>     1 drwx------
>  6064 drwxr-xr-x
>     1 drwxrwsr-x
>  1638 lrwxr-xr-x
>     1 lrwxrwxrwx
>
> For /usr, we have...
>
> 24907 -r--r--r--
>     4 -r-sr-sr-x
>     3 -r-sr-x---
>    24 -r-sr-xr-x
>     8 -r-xr-sr-x
>   786 -r-xr-xr-x
>     2 -rw-------
>     8 -rw-r--r--
>     1 -rwxr-xr-x
>  1284 drwxr-xr-x
>     1 drwxrwxrwt
>   947 lrwxr-xr-x
>    34 lrwxrwxrwx
>
> Am I to, or should I, believe that there is some standard or preference
> such that files should not have mode u+w?
>
> Let's take a look at etc's 'configurables area' too...
>
> /usr/local/etc
>
>   198 -r--r--r--
>    19 -r-xr-xr-x
>    40 -rw-r--r--
>     1 drwx------
>    77 drwxr-xr-x
>    16 lrwxr-xr-x
>
> /etc
>
>    25 -r--r--r--
>     1 -r-x------
>   153 -r-xr-xr-x
>    20 -rw-------
>     1 -rw-r-----
>   121 -rw-r--r--
>     1 -rw-rw-r--
>     6 -rwx------
>    57 -rwxr-xr-x
>     2 drwx------
>    25 drwxr-xr-x
>     3 lrwxr-xr-x
>     4 lrwxrwxrwx
>
> Now see that I have amended my /usr/local perms after install such that
> root can more easily manage that tree. (I could have just as easily conformed
> it to u-w).
>
> 76179 -rw-r--r--
>     1 -rwsr-xr-x
>  5029 -rwxr-xr-x
>  6066 drwxr-xr-x
>  1639 lrwxr-xr-x
>
> I don't see the point in making things mode u-w?
> 'Security' cannot be the case, as even setting dirs u-w, schg, capabilities,
> read-only mount, etc will make no difference... for root, it's only annoying for
> a moment.
>
> What standard / guide am I missing that says u-w is the way (for at least
> the large majority of the files in the first two counts above)?

It's pointless having most files u+w, since they won't be edited, but
soonish I'm told that http://bugs.freebsd.org/157168 should be committed,
which will make conf files u+w.

Chris
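The per-mode counts quoted in this thread can be reproduced for any tree. The following is an added example, not part of either message: it walks a directory without following symlinks, counts entries by ls-style mode string, counts regular files that are u-w, and lists setuid, setgid, and group- or other-writable entries for manual review. The names `audit_tree` and `REVIEW_BITS` and the output layout are assumptions of this example.

```python
import os
import stat
import sys
from collections import Counter

# Bits worth a manual look on a packaged tree: setuid, setgid,
# and write access for group or other. (Assumed review policy.)
REVIEW_BITS = stat.S_ISUID | stat.S_ISGID | stat.S_IWGRP | stat.S_IWOTH


def audit_tree(root):
    """Return (counts, flagged, owner_readonly) for root and everything below it.

    counts         -- Counter keyed by ls-style mode string, e.g. '-r--r--r--'
    flagged        -- sorted paths of non-symlinks with any REVIEW_BITS set
    owner_readonly -- number of regular files without the owner write bit (u-w)
    """
    counts, flagged, owner_readonly = Counter(), [], 0
    paths = [root]
    # os.walk does not descend into symlinked directories by default.
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    for path in paths:
        mode = os.lstat(path).st_mode  # lstat: describe the link, not its target
        counts[stat.filemode(mode)] += 1
        if stat.S_ISLNK(mode):
            continue  # the link's own bits say nothing about the target
        if mode & REVIEW_BITS:
            flagged.append(path)
        if stat.S_ISREG(mode) and not mode & stat.S_IWUSR:
            owner_readonly += 1
    return counts, sorted(flagged), owner_readonly


if __name__ == "__main__":
    counts, flagged, owner_readonly = audit_tree(sys.argv[1])
    for mode_string, n in sorted(counts.items()):
        print(f"{n:7d} {mode_string}")
    print(f"regular files with u-w: {owner_readonly}")
    for path in flagged:
        print(f"review: {path}")
```

Run it with the tree to inspect as the only argument, for example `/usr/local`.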