Date: Sat, 7 Jul 2012 23:39:24 +0100
From: Chris Rees <utisoft@gmail.com>
To: grarpamp <grarpamp@gmail.com>
Cc: freebsd-ports@freebsd.org
Subject: Re: Standard file permissions for /usr/local
Message-ID: <CADLo83__gV=kdVGbVfZLc3Tm=g3WMi9_bLpGJdjGfHjn6RrhyQ@mail.gmail.com>
In-Reply-To: <CAD2Ti29f1M_KCR19o9gSJNxRe7=gWDiMcaV6W9qhsziFONBBQA@mail.gmail.com>
References: <CAD2Ti29f1M_KCR19o9gSJNxRe7=gWDiMcaV6W9qhsziFONBBQA@mail.gmail.com>

On Jul 7, 2012 11:02 PM, "grarpamp" <grarpamp@gmail.com> wrote:
>
> Given a /usr/local populated only by ports (more specifically,
> packages), we have the following stats...
>
> /usr/local
>
> 54378 -r--r--r--
> 1 -r-sr-xr-x
> 1505 -r-xr-xr-x
> 21790 -rw-r--r--
> 9 -rw-rw-r--
> 1 -rws--x--x
> 1 -rwsr-x---
> 1 -rwsr-xr--
> 4 -rwsr-xr-x
> 4 -rwxr-sr-x
> 3515 -rwxr-xr-x
> 1 drwx------
> 6064 drwxr-xr-x
> 1 drwxrwsr-x
> 1638 lrwxr-xr-x
> 1 lrwxrwxrwx
>
> For /usr, we have...
>
> 24907 -r--r--r--
> 4 -r-sr-sr-x
> 3 -r-sr-x---
> 24 -r-sr-xr-x
> 8 -r-xr-sr-x
> 786 -r-xr-xr-x
> 2 -rw-------
> 8 -rw-r--r--
> 1 -rwxr-xr-x
> 1284 drwxr-xr-x
> 1 drwxrwxrwt
> 947 lrwxr-xr-x
> 34 lrwxrwxrwx
>
> Am I to, or should I, believe that there is some standard or preference
> such that files should not have mode u+w?
>
> Let's take a look at etc's 'configurables area' too...
>
> /usr/local/etc
>
> 198 -r--r--r--
> 19 -r-xr-xr-x
> 40 -rw-r--r--
> 1 drwx------
> 77 drwxr-xr-x
> 16 lrwxr-xr-x
>
> /etc
>
> 25 -r--r--r--
> 1 -r-x------
> 153 -r-xr-xr-x
> 20 -rw-------
> 1 -rw-r-----
> 121 -rw-r--r--
> 1 -rw-rw-r--
> 6 -rwx------
> 57 -rwxr-xr-x
> 2 drwx------
> 25 drwxr-xr-x
> 3 lrwxr-xr-x
> 4 lrwxrwxrwx
>
> Now see that I have amended my /usr/local perms after install such that
> root can more easily manage that tree. (I could have just as easily conformed
> it to u-w).
>
> 76179 -rw-r--r--
> 1 -rwsr-xr-x
> 5029 -rwxr-xr-x
> 6066 drwxr-xr-x
> 1639 lrwxr-xr-x
>
> I don't see the point in making things mode u-w?
> 'Security' cannot be the case, as even setting dirs u-w, schg, capabilities,
> read-only mount, etc will make no difference... for root, it's only annoying for
> a moment.
>
> What standard / guide am I missing that says u-w is the way (for at least
> the large majority of the files in the first two counts above)?

It's pointless having most files u+w, since they won't be edited, but
soonish I'm told that http://bugs.freebsd.org/157168 should be committed,
which will make conf files u+w.

Chris
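
One way to produce per-mode counts of the shape quoted above, and to pull out the entries that matter most in a permissions review (setuid/setgid files, and anything writable by group or other). This is an added example, not part of the original thread; the function names `mode_histogram`, `special_bits` and `loose_write` are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): summarise permissions under a tree.
# Function names are illustrative.

# mode_histogram DIR
# Print "count mode" for every entry under DIR (DIR itself included).
# Only the first ls field is used, trimmed to 10 characters so that an
# ACL/label suffix such as "+" or "." does not split the counts.
# File names containing newlines would skew the tally.
mode_histogram() {
    find "$1" -exec ls -ld {} + 2>/dev/null |
        awk '{ print substr($1, 1, 10) }' |
        sort | uniq -c |
        awk '{ printf "%7d %s\n", $1, $2 }'
}

# special_bits DIR
# List regular files that carry the setuid or setgid bit.
special_bits() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# loose_write DIR
# List entries writable by group or other. Symlinks are skipped because
# their own mode bits are not what access checks use.
loose_write() {
    find "$1" ! -type l \( -perm -0020 -o -perm -0002 \) -print | sort
}

# Run all three reports when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    echo "== mode counts for $1"
    mode_histogram "$1"
    echo "== setuid/setgid files"
    special_bits "$1"
    echo "== writable by group or other"
    loose_write "$1"
fi
```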