From: Jason Hellenthal
To: grarpamp
Cc: Chris Rees, freebsd-ports@freebsd.org
Date: Sat, 7 Jul 2012 19:14:45 -0400
Subject: Re: Standard file permissions for /usr/local
Message-ID: <20120707231445.GA16872@DataIX.net>
List-Id: Porting software to FreeBSD

In this whole thread I don't see any relation as to what perms are on what
directory ... which inherently makes the whole point mud.

What is actually trying to be accomplished here?

Given there is no context as to what these are and belong to, the numbers
below with the symbolic meaning are useless besides saying the system is
being populated and things are different.

Also having a standard for file permissions is nearly irrelevant with the
exceptions to specific areas of the filesystem like documents can easily
be said needing to be 'a=rX' "/usr/local/share/doc" ... examples etc.

Blindly going through installed software with a massively large comb
"chmod -R anything=anything" is a bad idea. Packages and ports need to be
singly identified and looked at more closely as to whether they are doing
the right thing.

Do you have anything relevant as to a particular port or package?

On Sat, Jul 07, 2012 at 11:39:24PM +0100, Chris Rees wrote:
> On Jul 7, 2012 11:02 PM, "grarpamp" wrote:
> >
> > Given a /usr/local populated only by ports (more specifically,
> > packages), we have the following stats...
> >
> > /usr/local
> >
> > 54378 -r--r--r--
> >     1 -r-sr-xr-x
> >  1505 -r-xr-xr-x
> > 21790 -rw-r--r--
> >     9 -rw-rw-r--
> >     1 -rws--x--x
> >     1 -rwsr-x---
> >     1 -rwsr-xr--
> >     4 -rwsr-xr-x
> >     4 -rwxr-sr-x
> >  3515 -rwxr-xr-x
> >     1 drwx------
> >  6064 drwxr-xr-x
> >     1 drwxrwsr-x
> >  1638 lrwxr-xr-x
> >     1 lrwxrwxrwx
> >
> > For /usr, we have...
> >
> > 24907 -r--r--r--
> >     4 -r-sr-sr-x
> >     3 -r-sr-x---
> >    24 -r-sr-xr-x
> >     8 -r-xr-sr-x
> >   786 -r-xr-xr-x
> >     2 -rw-------
> >     8 -rw-r--r--
> >     1 -rwxr-xr-x
> >  1284 drwxr-xr-x
> >     1 drwxrwxrwt
> >   947 lrwxr-xr-x
> >    34 lrwxrwxrwx
> >
> > Am I to, or should I, believe that there is some standard or preference
> > such that files should not have mode u+w?
> >
> > Let's take a look at etc's 'configurables area' too...
> >
> > /usr/local/etc
> >
> >   198 -r--r--r--
> >    19 -r-xr-xr-x
> >    40 -rw-r--r--
> >     1 drwx------
> >    77 drwxr-xr-x
> >    16 lrwxr-xr-x
> >
> > /etc
> >
> >    25 -r--r--r--
> >     1 -r-x------
> >   153 -r-xr-xr-x
> >    20 -rw-------
> >     1 -rw-r-----
> >   121 -rw-r--r--
> >     1 -rw-rw-r--
> >     6 -rwx------
> >    57 -rwxr-xr-x
> >     2 drwx------
> >    25 drwxr-xr-x
> >     3 lrwxr-xr-x
> >     4 lrwxrwxrwx
> >
> > Now see that I have amended my /usr/local perms after install such that
> > root can more easily manage that tree. (I could have just as easily conformed
> > it to u-w).
> >
> > 76179 -rw-r--r--
> >     1 -rwsr-xr-x
> >  5029 -rwxr-xr-x
> >  6066 drwxr-xr-x
> >  1639 lrwxr-xr-x
> >
> > I don't see the point in making things mode u-w?
> > 'Security' cannot be the case, as even setting dirs u-w, schg, capabilities,
> > read-only mount, etc will make no difference... for root, it's only annoying for
> > a moment.
> >
> > What standard / guide am I missing that says u-w is the way (for at least
> > the large majority of the files in the first two counts above)?
>
> It's pointless having most files u+w, since they won't be edited, but
> soonish I'm told that http://bugs.freebsd.org/157168 should be committed,
> which will make conf files u+w.
>

--
 - (2^(N-1))
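
The per-mode counts quoted in this thread, and the file-by-file review the reply asks for in place of a blanket `chmod -R`, can both be produced read-only with standard tools. The script below is an added example, not part of the original message or of any FreeBSD tooling; the function names are illustrative.

```shell
#!/bin/sh
# Added example: read-only permission inventory for a tree such as /usr/local.
# Function names are illustrative; nothing here changes any mode.

# mode_histogram DIR: count entries per symbolic mode string (the format of
# the statistics quoted in the thread).
mode_histogram() {
    # Column 1 of `ls -ld` is the mode; keep 10 characters so a trailing
    # ACL or label marker ("+", ".") does not split one mode into two rows.
    find "$1" -exec ls -ld {} + 2>/dev/null |
        awk '{ print substr($1, 1, 10) }' | sort | uniq -c
}

# special_modes DIR: name each setuid, setgid or world-writable entry so it
# can be checked against the port or package that installed it. Symlinks are
# skipped because their own mode bits are not used for access checks.
special_modes() {
    find "$1" ! -type l -perm -4000 -exec printf 'setuid %s\n' {} \;
    find "$1" ! -type l -perm -2000 -exec printf 'setgid %s\n' {} \;
    find "$1" ! -type l -perm -0002 -exec printf 'world-writable %s\n' {} \;
}

# Run against the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    mode_histogram "$1"
    special_modes "$1"
fi
```

The short list from `special_modes` is the part worth reading entry by entry; the histogram only shows how the tree is distributed across modes.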