Date:      Sun, 20 Mar 2005 14:40:12 -0800
From:      ray@redshift.com
To:        "H. S." <security@revolutionsp.com>, freebsd-hackers@freebsd.org
Subject:   Re: passwd & permissions
Message-ID:  <3.0.1.32.20050320144012.00a5f3f8@pop.redshift.com>
In-Reply-To: <49296.81.84.174.5.1111346817.squirrel@mail.revolutionsp.com>

This may be partially related to the fact that I believe the system generates
those files automatically from /etc/master.passwd.  So if you change the perms
on /etc/passwd, then when the system comes along and regenerates the files from
/etc/master.passwd, it would change the permissions during that process I would
think.  I've never looked into the details of how it all happens (as far as
master.passwd vs. passwd), but this might be something to check into, as it
could relate to your situation.

Ray


At 01:26 PM 3/20/2005 -0600, H. S. wrote:
| Hey,
| 
| I've been using FreeBSD on various servers for a long time now, and there is
| something that always bothered me. It is related to /etc/passwd and
| /etc/pwd.db permissions.
| 
| I have custom (0640) permissions on these files. However, each time a user
| changes his/her password, the system will reset the password file
| permissions back to the original (rw r r). I'm not much of a programmer,
| but I tried to change passwd.c source to do an execl() at the end of the
| file (calling chmod). After trying it, the permissions were reset anyway,
| so I added a perror("execl") and it says permission denied. Should be
| because passwd dropped privileges at that part of the program. I've
| thought about a cron job to fix the permissions every X minutes, but I'd
| like a more "clean" option to this.
| 
| Where in the system can I change the permission-reset behaviour? This
| also happens, for example, with /usr/local/sbin/ (rwx rx x are my
| permissions) after I upgrade any port, it will be rwx rx rx, and
| /usr/local/www too.
| 
| I've edited the mtree/ files as it sounded like a good lead, but the
| behaviour remains.
| 
| What should I do?
| 
| Thanks.
| 
| 
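Added example (not part of either message, and not FreeBSD's own code): a small shell model of the mechanism Ray suggests, where a derived passwd file is rebuilt from master.passwd into a temporary file and renamed into place, so a chmod applied to the old copy does not survive. The scratch directory, the sample account line and the 0644 mode set inside regen() are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed model of "regenerate a derived file from a master file".
# Nothing here touches /etc; all files live in a scratch directory.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Rebuild $1/passwd from $1/master.passwd.
# master.passwd fields: name:hash:uid:gid:class:change:expire:gecos:home:shell
# passwd fields:        name:*:uid:gid:gecos:home:shell
regen() {
    dir=$1
    tmp=$(mktemp "$dir/passwd.XXXXXX") || return 1
    awk -F: 'BEGIN { OFS = ":" } { print $1, "*", $3, $4, $8, $9, $10 }' \
        "$dir/master.passwd" > "$tmp" || return 1
    chmod 0644 "$tmp"           # mode picked by the generator (assumed value)
    mv -f "$tmp" "$dir/passwd"  # rename replaces the old file, mode and all
}

# Run the scenario from the thread: tighten the mode, regenerate, compare.
demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample record, not a real hash.
    printf '%s\n' 'root:$2a$constructed:0:0::0:0:Charlie &:/root:/bin/sh' \
        > "$dir/master.passwd"
    regen "$dir"
    chmod 0640 "$dir/passwd"    # the administrator's custom permissions
    before=$(mode_of "$dir/passwd")
    regen "$dir"                # e.g. triggered by a password change
    after=$(mode_of "$dir/passwd")
    line=$(cat "$dir/passwd")
    rm -rf "$dir"
    echo "$before $after $line"
}

demo
```

Because the new file is a different inode created by the generator, any durable change to its mode has to be made in whatever creates it, or reapplied after each regeneration.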


