From: "H. S."
To: freebsd-hackers@freebsd.org
Date: Sun, 20 Mar 2005 13:26:57 -0600 (CST)
Subject: passwd & permissions
Message-ID: <49296.81.84.174.5.1111346817.squirrel@mail.revolutionsp.com>
List-Id: Technical Discussions relating to FreeBSD

Hey,

I've been using FreeBSD on various servers for a long time now, and there is something that always bothered me. It is related to /etc/passwd and /etc/pwd.db permissions. I have custom (0640) permissions on these files. However, each time a user changes his/her password, the system will reset the password file permissions back to the original (rw r r).

I'm not much of a programmer, but I tried to change the passwd.c source to do an execl() at the end of the file (calling chmod).
After trying it, the permissions were reset anyway, so I added a perror("execl") and it says permission denied. Should be because passwd dropped privileges at that part of the program.

I've thought about a cron job to fix the permissions every X minutes, but I'd like a more "clean" option to this. Where in the system can I change the permission-reset behaviour?

This also happens, for example, with /usr/local/sbin/ (rwx rx x are my permissions): after I upgrade any port, it will be rwx rx rx, and /usr/local/www too. I've edited the mtree/ files as it sounded like a good lead, but the behaviour remains. What should I do?

Thanks.