From owner-freebsd-hackers@FreeBSD.ORG Sun Mar 20 21:05:17 2005 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4832516A4CE for ; Sun, 20 Mar 2005 21:05:17 +0000 (GMT) Received: from mail.revolutionsp.com (ganymede.revolutionsp.com [64.246.0.2]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1982843D46 for ; Sun, 20 Mar 2005 21:05:17 +0000 (GMT) (envelope-from security@revolutionsp.com) Received: from mail.revolutionsp.com (localhost [127.0.0.1]) by mail.revolutionsp.com (Postfix) with ESMTP id 2BBCF15CBF for ; Sun, 20 Mar 2005 15:04:32 -0600 (CST) Received: from 81.84.174.5 (SquirrelMail authenticated user security@revolutionsp.com) by mail.revolutionsp.com with HTTP; Sun, 20 Mar 2005 15:04:32 -0600 (CST) Message-ID: <49607.81.84.174.5.1111352672.squirrel@mail.revolutionsp.com> In-Reply-To: <20050320200358.GA59392@walton.maths.tcd.ie> References: <49296.81.84.174.5.1111346817.squirrel@mail.revolutionsp.com> <20050320200358.GA59392@walton.maths.tcd.ie> Date: Sun, 20 Mar 2005 15:04:32 -0600 (CST) From: "H. S." To: freebsd-hackers@freebsd.org User-Agent: SquirrelMail/1.4.4 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Subject: Re: passwd & permissions X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Mar 2005 21:05:17 -0000 Hey, #define PERM_INSECURE (S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) #define PERM_SECURE (S_IRUSR|S_IWUSR) Thanks, removing S_IROTH worked :-) While we're at it, what is the cause for the system changing permissions when I install a port ? (ie /usr/local/sbin and /usr/local/www) As I've said in my previous mail, changing the mtree/ files to reflect my desired permissions sounded logical, but either I failed some step or it isn't the way to go. > On Sun, Mar 20, 2005 at 01:26:57PM -0600, H. S. wrote: >> I'm using FreeBSD on various servers for many time now, and there is >> something that always bothered me. It is related to /etc/passwd and >> /etc/pwd.db permissions. >> >> I have custom (0640) permissions on these files. However, each time a >> user >> changes his/her password, the system will reset the password file >> permissions back to the original (rw r r). > > I think these files would be rebuilt by the pwd_mkdb utility. You > should be able to change it to rebuild the files with different > permissions. See the PERM_INSECURE and PERM_SECURE constant pwd_mkdb.c. > > (I'm not really sure about the wisdom of making passwd and pwd.db > have permissions 640, but I guess you know your system best.) > > David. >