Re: Default user directory (adduser) filemode

Thu, 13 Sep 2001 06:47:34 -0700 

Sounds reasonable...  But sysinstall --> UserAdd doesn't
use the adduser Perl script, but the pw command.
Just MHO, but I think the defaults are too "loose," not
well-documented, and not easily auditable.

Should I file a PR, maybe?

CC'ing to -security...

-kc

>Date: Thu, 13 Sep 2001 09:56:22 -0400
>From: Chip Norkus <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: Default user directory (adduser) filemode
>
>On Thu Sep 13, 2001; 06:42AM -0700 Mike Harding used 1.4K bytes
>of bandwidth to send the following:
>> 'adduser' is a perl script, search it for '755' and you will find
>> where the permissions are set, it's trivial to change in the source,
>> although logically this could be a configuration parameter.  The
>> script is in /usr/sbin/adduser.
>
>Additionally, if you change your umask, mkdir(2) (which is what is used by
>adduser) will be restricted.  So, if you want files created to be completely
>restricted from group/other access, you might do:
># (umask 077;adduser)
>A more useful value (especially if you are supporting something like
>'public_html' in user directories) would be a umask of 066, or maybe even
>026.
>
>For more info see `man 2 umask` and `man chmod`.
>
>> - Mike H.
>> 
>>    Date: Thu, 13 Sep 2001 09:17:51 -0400 (EDT)
>>    From: Kenneth W Cochran <[EMAIL PROTECTED]>
>>    Sender: [EMAIL PROTECTED]
>>    List-ID: <freebsd-stable.FreeBSD.ORG>
>>    List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
>>    List-Help: <mailto:[EMAIL PROTECTED]?subject=help> (List Instructions)
>>    List-Subscribe: <mailto:[EMAIL PROTECTED]?subject=subscribe%20freebsd-stable>
>>    List-Unsubscribe: 
><mailto:[EMAIL PROTECTED]?subject=unsubscribe%20freebsd-stable>
>>    X-Loop: FreeBSD.ORG
>>    Precedence: bulk
>> 
>>    Hello -stable:
>> 
>>    I notice that when I add a user to FreeBSD, either from adduser
>>    or from /stand/sysinstall --> UserAdd(sp?), the default filemode
>>    of the user's home directory is 755.  So far, I can't find
>>    (something like) a config-option for this (i.e., in
>>    /etc/adduser.conf).  Is this a bug or a feature(tm)?  :)
>> 
>>    OS is -stable (RELENG_4), as of 8 September 2001.
>> 
>>    Thanks,
>> 
>>    -kc

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message

Reply via email to