From owner-freebsd-questions@FreeBSD.ORG Thu Jun 27 19:39:23 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 70937131 for ; Thu, 27 Jun 2013 19:39:23 +0000 (UTC) (envelope-from asv@inhio.eu) Received: from cz-prg-mx-01.inhio.eu (mail.inhio.eu [178.238.36.226]) by mx1.freebsd.org (Postfix) with ESMTP id 391771B2B for ; Thu, 27 Jun 2013 19:39:22 +0000 (UTC) Received: from [10.0.0.59] (unknown [84.242.85.251]) by cz-prg-mx-01.inhio.eu (Postfix) with ESMTPSA id BDB4531296; Thu, 27 Jun 2013 19:39:20 +0000 (UTC) Subject: Re: A very 'trivial' question about /root From: ASV To: Polytropon In-Reply-To: <20130627045841.7cdff648.freebsd@edvax.de> References: <1372282481.3268.27.camel@blackfriar.inhio.eu> <20130627045841.7cdff648.freebsd@edvax.de> Content-Type: text/plain; charset="us-ascii" Date: Thu, 27 Jun 2013 21:39:20 +0200 Message-ID: <1372361960.6831.24.camel@blackfriar.inhio.eu> Mime-Version: 1.0 X-Mailer: Evolution 2.32.1 FreeBSD GNOME Team Port Content-Transfer-Encoding: 7bit Cc: freebsd-questions X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jun 2013 19:39:23 -0000 Thanks for your reply Polytropon, I'm using FreeBSD since few years already and I'm kind of aware of the "dynamics" related to permissions, many of them are common to many Unices. I agree that the installer doesn't put anything secret but as a home dir for the root user it's highly likely that something not intended to be publicly readable will end up there soon after the installation. Which IMHO it's true also for any other user homedir which gets created by default using a pretty relaxed umask 022, but that seems to be the default on probably any other UNIX like system I've put my hands on AFAIR. Don't get me wrong, since I use FreeBSD I'm just in love with it. Mine is just a concern about these permission defaults which look to me a bit too relaxed and cannot find yet a reason why not to restrict it. After all I believe having good default settings may make the difference in some circumstances and/or save time. On Thu, 2013-06-27 at 04:58 +0200, Polytropon wrote: > On Wed, 26 Jun 2013 23:34:41 +0200, ASV wrote: > > There's any reason (and should be a fairly good one) why the /root > > directory permissions by default are set to 755 (for sure on releases > > 8.0/8.1/9.0/9.1)???? > > This is the default permission for user directories, as root > is considered a user in this (special) case, and /root is its > home directory. The installer does not put anything "secret" > in there, but _you_ might, so there should be no issue changing > it to a more restricted access permission. > > Hint: When a directory is r-x for "other", then it will be > indexed by the locate periodic job, so users could use the > locate command (and also find) to look what's in there. If > this is not desired, change to rwx/---/---, or rwx/r-x/--- > if you want to allow (trusted) users of the "wheel" group > to read and execute stuff from that directory (maybe homemade > admin scripts in /root/bin that should not be "public"). > > There are few things that touch /root content. System updating > might be one of them, but as it is typically run as root (and > even in SUM), restrictive permissions above the default are > no problem. > > To summarize the answer for your question: It's just the default. :-) > >