Date: Fri, 22 Oct 2004 09:55:12 -0400 From: Bill Moran <wmoran@potentialtech.com> To: "Jesper Wallin" <jesper@hackunite.net> Cc: freebsd-security@freebsd.org Subject: Re: Default permissions of /home/user.. Message-ID: <20041022095512.31d991ae.wmoran@potentialtech.com> In-Reply-To: <1323.213.112.198.199.1098388008.squirrel@mail.hackunite.net> References: <1323.213.112.198.199.1098388008.squirrel@mail.hackunite.net>
next in thread | previous in thread | raw e-mail | index | archive | help
"Jesper Wallin" <jesper@hackunite.net> wrote: > Hello.. > > I've asked this question before without getting any further help really.. > When a new user is added using "adduser" on 5.x (havn't really checked > if it's the same under 4.x or not), the default homedir permission is 755 > (drwxr-xr-x) which to me, looks a bit insecure? It's of course pretty easy > to solve it by a simple chmod, but yet, isn't there anyway to change the > default chmod value? Last time I asked about this, people told me to check > out the skel directory, but the only thing you can do in there is to change the > default chmod value of the files/directories _in_ the homedir, not the chmod > values of the actually homedir.. I would be glad if someone could give me > further assistanse how do solve this without manually modifying the "adduser" > script.. and if it this option doesn't exist, shouldn't it be added or is it just > me who want my homedir secure from other users? ;) The adduser script does not determine the permissions on the home directoyr. The pw command does that, adduser just calls pw. I don't know, but perhaps if you change the permissions on /usr/share/skel itself, the new directories created from it will have those permissions (I haven't tried this, so I could be wrong). pw doesn't seem to have an option to change the permissions on the home directory at creation time. Possibly an option could be added to adduser, that reads the desired permissions from adduser.conf and changes them after creation? -- Bill Moran Potential Technologies http://www.potentialtech.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041022095512.31d991ae.wmoran>