Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 23 Oct 2004 16:03:15 +0100 (BST)
From:      Robert Watson <rwatson@freebsd.org>
To:        Jesper Wallin <jesper@hackunite.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Default permissions of /home/user..
Message-ID:  <Pine.NEB.3.96L.1041023160159.59894D-100000@fledge.watson.org>
In-Reply-To: <1323.213.112.198.199.1098388008.squirrel@mail.hackunite.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

On Thu, 21 Oct 2004, Jesper Wallin wrote:

> I've asked this question before without getting any further help
> really..  When a new user is added using "adduser" on 5.x (havn't really
> checked if it's the same under 4.x or not), the default homedir
> permission is 755 (drwxr-xr-x) which to me, looks a bit insecure? It's
> of course pretty easy to solve it by a simple chmod, but yet, isn't
> there anyway to change the default chmod value? Last time I asked about
> this, people told me to check out the skel directory, but the only thing
> you can do in there is to change the default chmod value of the
> files/directories _in_ the homedir, not the chmod values of the actually
> homedir.. I would be glad if someone could give me further assistanse
> how do solve this without manually modifying the "adduser"  script.. and
> if it this option doesn't exist, shouldn't it be added or is it just me
> who want my homedir secure from other users? ;) 

I'm a fan of creating "public", "public_html", and "private" directories
in the user's home directory when their account is created, with
appropriate permissions.  That way I can just tell users "put the file in
your private directory if you want it to be private".  I use custom
scripts for accounts here, but you may just be able to create those
prototype directories in skel and have adduser do the right thing. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1041023160159.59894D-100000>