From: Peter Pentchev
Date: Fri, 7 Sep 2001 17:40:20 +0300
To: void
Cc: Andrey Simonenko, freebsd-hackers@freebsd.org
Subject: Re: Permissions on /root directory and /etc/mtree/BSD.root.dist
Message-ID: <20010907174020.D638@ringworld.oblivion.bg>
In-Reply-To: <20010906202334.A6682@firedrake.org>

On Thu, Sep 06, 2001 at 08:23:34PM +0100, void wrote:
> On Thu, Sep 06, 2001 at 10:30:08AM +0400, Andrey Simonenko wrote:
> >
> > 0700 mode restricts other users from reading /root directory.
> > When root wants to upgrade system he/she run "make buildworld",
> > "make installworld". But installworld calls mtree, which changes
> > /root permissions to default value specified in the /etc/mtree/BSD.root.dist
> > file. So, if administrator will not forgot about needed permissions
> > on /root, then installworld will open /root directory for reading
> > for everybody.
> >
> > I propose not to change permissions on /root directory in
> > the /etc/mtree/BSD.root.dist file and leave them unchanged.
> >
> > Comments?
>
> There is a whole class of problems like this. For example, my
> installation of mutt doesn't work right if /var/mail is not mode 1777,
> but BSD.var.dist changes it to 755 every time I installworld.
>
> I think a more general solution might be in order. Perhaps some sort
> of local.dist that is processed after BSD.*.dist.
>
> As a workaround, I put "chmod 1777 /var/mail" in my rc.local script.
> I suggest you do something similar.

And then, of course, there is the obvious solution: maintaining some
local patches, applied to the source tree after each update.
(and reversed before each update..)

This is the way I'm doing it, but then, I have a *lot* of local changes,
and such an approach might not make sense for a single change like that..

G'luck,
Peter

-- 
I am the thought you are now thinking.
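
The "local.dist processed after BSD.*.dist" idea and the rc.local chmod workaround discussed in the thread can be combined into one small script. This is an added example, not code from any poster or from FreeBSD; the two-column spec format and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Spec format (an assumption):
#   <octal-mode> <absolute-path>      lines starting with '#' are comments

# mode_matches MODE PATH: true when PATH's permission bits equal MODE exactly.
# find -perm with a plain octal number is an exact match on BSD and GNU find.
mode_matches() {
    [ -n "$(find "$2" -prune -perm "$1" 2>/dev/null)" ]
}

# apply_local_modes SPEC [ROOT]: re-apply every mode listed in SPEC, e.g.
# after installworld has reset them to the BSD.*.dist defaults.
# ROOT is prepended to each path (empty for the live system, a scratch
# directory when testing). Prints one status line per entry and returns
# non-zero if any entry was invalid, missing, a symlink, or not fixable.
apply_local_modes() {
    spec=$1 root=${2:-} rc=0
    while read -r mode path; do
        case $mode in
            ''|'#'*) continue ;;
            *[!0-7]*) echo "skipped $path (bad mode $mode)"; rc=1; continue ;;
        esac
        case $path in
            /*) ;;
            *) echo "skipped $path (not absolute)"; rc=1; continue ;;
        esac
        target=$root$path
        if [ -L "$target" ]; then
            # chmod follows symlinks; refuse rather than touch the target.
            echo "failed $path (symlink, not followed)"; rc=1
        elif [ ! -e "$target" ]; then
            echo "missing $path"; rc=1
        elif mode_matches "$mode" "$target"; then
            echo "ok $path"
        elif chmod "$mode" "$target" && mode_matches "$mode" "$target"; then
            echo "fixed $path -> $mode"
        else
            echo "failed $path"; rc=1
        fi
    done < "$spec"
    return $rc
}

# Stand-alone use: sh thisscript /path/to/spec [root]
if [ $# -ge 1 ]; then apply_local_modes "$@"; fi
```

With a spec containing `700 /root` and `1777 /var/mail`, any "fixed" line in the output shows that an upgrade had reset a locally tightened or loosened mode.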