Date: Sat, 7 Jul 2012 19:14:45 -0400
From: Jason Hellenthal <jhellenthal@dataix.net>
To: grarpamp <grarpamp@gmail.com>
Cc: Chris Rees <utisoft@gmail.com>, freebsd-ports@freebsd.org
Subject: Re: Standard file permissions for /usr/local
Message-ID: <20120707231445.GA16872@DataIX.net>
In-Reply-To: <CADLo83__gV=kdVGbVfZLc3Tm=g3WMi9_bLpGJdjGfHjn6RrhyQ@mail.gmail.com>
References: <CAD2Ti29f1M_KCR19o9gSJNxRe7=gWDiMcaV6W9qhsziFONBBQA@mail.gmail.com> <CADLo83__gV=kdVGbVfZLc3Tm=g3WMi9_bLpGJdjGfHjn6RrhyQ@mail.gmail.com>

In this whole thread I don't see any relation as to what perms are on what
directory ... which inherently makes the whole point mud. What is
actually trying to be accomplished here?

Given there is no context as to what these are and belong to, the numbers
below with the symbolic meaning are useless besides saying the system is
being populated and things are different.

Also having a standard for file permissions is nearly irrelevant with the
exceptions to specific areas of the filesystem like documents can easily
be said needing to be 'a=rX' "/usr/local/share/doc" ... examples etc.

Blindly going through installed software with a massively large comb
"chmod -R anything=anything" is a bad idea. Packages and ports need to be
singly identified and looked at more closely as to whether they are doing
the right thing.

Do you have anything relevant as to a particular port or package?

On Sat, Jul 07, 2012 at 11:39:24PM +0100, Chris Rees wrote:
> On Jul 7, 2012 11:02 PM, "grarpamp" <grarpamp@gmail.com> wrote:
> >
> > Given a /usr/local populated only by ports (more specifically,
> > packages), we have the following stats...
> >
> > /usr/local
> >
> > 54378 -r--r--r--
> >     1 -r-sr-xr-x
> >  1505 -r-xr-xr-x
> > 21790 -rw-r--r--
> >     9 -rw-rw-r--
> >     1 -rws--x--x
> >     1 -rwsr-x---
> >     1 -rwsr-xr--
> >     4 -rwsr-xr-x
> >     4 -rwxr-sr-x
> >  3515 -rwxr-xr-x
> >     1 drwx------
> >  6064 drwxr-xr-x
> >     1 drwxrwsr-x
> >  1638 lrwxr-xr-x
> >     1 lrwxrwxrwx
> >
> > For /usr, we have...
> >
> > 24907 -r--r--r--
> >     4 -r-sr-sr-x
> >     3 -r-sr-x---
> >    24 -r-sr-xr-x
> >     8 -r-xr-sr-x
> >   786 -r-xr-xr-x
> >     2 -rw-------
> >     8 -rw-r--r--
> >     1 -rwxr-xr-x
> >  1284 drwxr-xr-x
> >     1 drwxrwxrwt
> >   947 lrwxr-xr-x
> >    34 lrwxrwxrwx
> >
> > Am I to, or should I, believe that there is some standard or preference
> > such that files should not have mode u+w?
> >
> > Let's take a look at etc's 'configurables area' too...
> >
> > /usr/local/etc
> >
> >   198 -r--r--r--
> >    19 -r-xr-xr-x
> >    40 -rw-r--r--
> >     1 drwx------
> >    77 drwxr-xr-x
> >    16 lrwxr-xr-x
> >
> > /etc
> >
> >    25 -r--r--r--
> >     1 -r-x------
> >   153 -r-xr-xr-x
> >    20 -rw-------
> >     1 -rw-r-----
> >   121 -rw-r--r--
> >     1 -rw-rw-r--
> >     6 -rwx------
> >    57 -rwxr-xr-x
> >     2 drwx------
> >    25 drwxr-xr-x
> >     3 lrwxr-xr-x
> >     4 lrwxrwxrwx
> >
> > Now see that I have amended my /usr/local perms after install such that
> > root can more easily manage that tree. (I could have just as easily
> > conformed it to u-w).
> >
> > 76179 -rw-r--r--
> >     1 -rwsr-xr-x
> >  5029 -rwxr-xr-x
> >  6066 drwxr-xr-x
> >  1639 lrwxr-xr-x
> >
> > I don't see the point in making things mode u-w?
> > 'Security' cannot be the case, as even setting dirs u-w, schg,
> > capabilities, read-only mount, etc will make no difference... for root,
> > it's only annoying for a moment.
> >
> > What standard / guide am I missing that says u-w is the way (for at least
> > the large majority of the files in the first two counts above)?
>
> It's pointless having most files u+w, since they won't be edited, but
> soonish I'm told that http://bugs.freebsd.org/157168 should be committed,
> which will make conf files u+w.
>

-- 

 - (2^(N-1))
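
The tallies quoted in the thread count mode strings but do not say which files carry the unusual modes, which is the context the reply asks for. The following is an added example, not part of the original message or of any FreeBSD tool: it produces the same kind of tally and then lists the individual set-id and group/other-writable files so each can be traced to its port instead of being changed in bulk. The function names `mode_histogram`, `flag` and `review_candidates` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread); all function names are hypothetical.

# mode_histogram ROOT
# Prints "count mode" for every distinct mode string under ROOT, the same
# shape as the tallies quoted in the thread. Only the first 10 characters
# of the ls mode field are kept, so a trailing ACL/MAC marker is ignored.
# Assumes no file name contains a newline.
mode_histogram() {
    find "$1" -exec ls -ld {} + 2>/dev/null |
        awk '{ print substr($1, 1, 10) }' |
        sort | uniq -c | awk '{ print $1, $2 }'
}

# flag REASON ROOT PERM
# Prints "REASON<TAB>path" for each regular file under ROOT that has all
# of the permission bits in PERM set (POSIX find "-perm -bits" form).
flag() {
    find "$2" -type f -perm "$3" -print 2>/dev/null |
        while IFS= read -r f; do printf '%s\t%s\n' "$1" "$f"; done
}

# review_candidates ROOT
# Lists the files worth an individual look: set-id bits and write access
# for group or other. Nothing is modified.
review_candidates() {
    flag setuid "$1" -4000
    flag setgid "$1" -2000
    flag group-writable "$1" -0020
    flag other-writable "$1" -0002
}

# Stand-alone use: sh thisfile.sh /usr/local
if [ "$#" -gt 0 ]; then
    mode_histogram "$1"
    review_candidates "$1"
fi
```

On FreeBSD with pkg(8), `pkg which <file>` names the package that installed a flagged file, which gives the per-port view the reply asks for.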