Date: Sun, 24 Oct 2004 00:13:38 +0300 From: Vlad GALU <vladgalu@gmail.com> To: freebsd-security@freebsd.org Subject: Re: Default permissions of /home/user.. Message-ID: <79722fad04102314136d2dc0e2@mail.gmail.com> In-Reply-To: <Pine.NEB.3.96L.1041023160159.59894D-100000@fledge.watson.org> References: <1323.213.112.198.199.1098388008.squirrel@mail.hackunite.net> <Pine.NEB.3.96L.1041023160159.59894D-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 23 Oct 2004 16:03:15 +0100 (BST), Robert Watson
<rwatson@freebsd.org> wrote:
>
> On Thu, 21 Oct 2004, Jesper Wallin wrote:
>
> > I've asked this question before without getting any further help
> > really.. When a new user is added using "adduser" on 5.x (havn't really
> > checked if it's the same under 4.x or not), the default homedir
> > permission is 755 (drwxr-xr-x) which to me, looks a bit insecure? It's
> > of course pretty easy to solve it by a simple chmod, but yet, isn't
> > there anyway to change the default chmod value? Last time I asked about
> > this, people told me to check out the skel directory, but the only thing
> > you can do in there is to change the default chmod value of the
> > files/directories _in_ the homedir, not the chmod values of the actually
> > homedir.. I would be glad if someone could give me further assistanse
> > how do solve this without manually modifying the "adduser" script.. and
> > if it this option doesn't exist, shouldn't it be added or is it just me
> > who want my homedir secure from other users? ;)
>
> I'm a fan of creating "public", "public_html", and "private" directories
> in the user's home directory when their account is created, with
> appropriate permissions. That way I can just tell users "put the file in
> your private directory if you want it to be private". I use custom
> scripts for accounts here, but you may just be able to create those
> prototype directories in skel and have adduser do the right thing.
One thing though. The mtree file that controls the permissions
for / specifies 0755 as the mask for /root. It's allright with me, I
have "chmod /root 0600" in my .profile, but still ...
> Robert N M Watson FreeBSD Core Team, TrustedBSD Projects
> robert@fledge.watson.org Principal Research Scientist, McAfee Research
>
>
>
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
--
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?79722fad04102314136d2dc0e2>