Date: Sat, 23 Oct 2004 22:22:46 +0200 (CEST)
From: "Jesper Wallin" <jesper@hackunite.net>
To: freebsd-security@freebsd.org
Subject: Re: Default permissions of /home/user..
Message-ID: <1357.213.112.198.199.1098562966.squirrel@mail.hackunite.net>
In-Reply-To: <52757.10.0.0.10.1098560266.squirrel@10.0.0.10>
References: <1323.213.112.198.199.1098388008.squirrel@mail.hackunite.net> <008401c4b868$ffd64ac0$3501a8c0@pro.sk> <00ab01c4b870$a3024760$3501a8c0@pro.sk> <52757.10.0.0.10.1098560266.squirrel@10.0.0.10>

Hello..

Sure, this works nice.. but yet, I did have to modify /usr/sbin/adduser ..
Also, some of you said it's bad having a homedir chmod 700, how come? Let's
say I use the account for coding, IRC perhaps, mail, etc.. none of those
things require more access than 700? All I can think of is public_html,
which needs o+x so nobody and/or www can access that directory..

I know, FreeBSD isn't Linux but most Linux systems run the same programs
such as postfix, mysql, apache, openssh, etc.. and I know some distributions
(like gentoo for example) which chmod it to 700 by default.. :)

Wouldn't it be nice to add a default option for this in adduser.conf, like
chmod=755? Since there seem to be more than just me asking for such a
feature. ;)

Best regards,
Jesper Wallin

ps, thanks for all replies :D

>> Sorry for my mistake - you use FreeBSD 5. The adduser command was changed
>> to sh script in it. I do not use 5, so sorry again.
>>
>> If your /usr/sbin/adduser has in the start of lines 278 to 280 word
>> "_pwcmd", add something like this after line 280:
>> _pwcmd="$_pwcmd && chmod 700 $_home"
>>
>> Command stored in $_pwcmd is executed on line 282. The user should be
>> added and homedir should be created. The addition above should chmod its
>> homedir to 700 (drwx------) automatically.
>>
>> !!! AGAIN, NOT TESTED !!!
>>
>> Peter Rosa
>
> Just a quick correction, you'll want to chmod $uhome not $_home. Having
> done that, you can consider your suggestion tested and working.
>
> Mark Magiera
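
The adduser change quoted above only affects accounts created after it is applied. As an added example (not part of the original message or of FreeBSD's adduser script), this sh script audits existing home directories against the 700 policy and reports the execute-only case, such as 711, that the public_html remark describes, separately from readable ones. The function names and the base-directory argument are assumptions.

```shell
#!/bin/sh
# Added example: audit home directories against the chmod 700 policy.
# Function names and the BASE argument are assumptions, not adduser code.

# Print the nine permission characters of a path, e.g. "rwxr-xr-x".
mode_string() {
    ls -ld "$1" | cut -c2-10
}

# Classify one home directory by its group/other bits:
#   private        no group or other access (700 or stricter)
#   traverse-only  only x for group/other (e.g. 711, enough to reach public_html)
#   group-access   group may read or write
#   world-access   others may read or write
classify_home() {
    m=$(mode_string "$1")
    [ -n "$m" ] || return 1
    group=$(printf '%s' "$m" | cut -c4-6)
    other=$(printf '%s' "$m" | cut -c7-9)
    case "$other" in r??|?w?) echo world-access; return 0 ;; esac
    case "$group" in r??|?w?) echo group-access; return 0 ;; esac
    case "$group$other" in
        ------) echo private ;;
        *)      echo traverse-only ;;
    esac
}

# Print "<class> <mode> <path>" for every non-private directory under BASE.
# Symlinks are skipped. Returns 1 if anything was reported, 0 otherwise.
audit_homes() {
    found=0
    for d in "$1"/*; do
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        c=$(classify_home "$d") || continue
        [ "$c" = private ] && continue
        printf '%s %s %s\n' "$c" "$(mode_string "$d")" "$d"
        found=1
    done
    return "$found"
}

# Run as: sh audit_homes.sh /home
if [ "$#" -gt 0 ]; then
    audit_homes "$1"
fi
```

The non-zero exit status when anything is reported lets the script be used from cron or a periodic job to flag accounts created before the adduser change.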