On Thu, Sep 13, 2001 at 10:13:52AM -0400, Kenneth W Cochran wrote:
> Sounds reasonable... But sysinstall --> UserAdd doesn't
> use the adduser Perl script, but the pw command.
> Just MHO, but I think the defaults are too "loose," not
> well-documented, and not easily auditable.
>
> Should I file a PR, maybe?
>
> CC'ing to -security...
For adduser(8), you could try a patch that I wrote up a couple of weeks
ago; it's at http://people.FreeBSD.org/~roam/bsd/adduser-mode-RELENG_4.patch.gz

For pw(8), however, things are more complicated - including the fact that
pw(8) has no default configuration store.

G'luck,
Peter
--
This sentence every third, but it still comprehensible.
> >Date: Thu, 13 Sep 2001 09:56:22 -0400
> >From: Chip Norkus <[EMAIL PROTECTED]>
> >To: [EMAIL PROTECTED]
> >Subject: Re: Default user directory (adduser) filemode
> >
> >On Thu Sep 13, 2001; 06:42AM -0700 Mike Harding used 1.4K bytes
> >of bandwidth to send the following:
> >> 'adduser' is a perl script, search it for '755' and you will find
> >> where the permissions are set, it's trivial to change in the source,
> >> although logically this could be a configuration parameter. The
> >> script is in /usr/sbin/adduser.
> >
> >Additionally, if you change your umask, mkdir(2) (which is what is used by
> >adduser) will be restricted. So, if you want files created to be completely
> >restricted from group/other access, you might do:
> ># (umask 077;adduser)
> >A more useful value (especially if you are supporting something like
> >'public_html' in user directories) would be a umask of 066, or maybe even
> >026.
> >
> >For more info see `man 2 umask` and `man chmod`.
> >
> >> - Mike H.
> >>
> >> Date: Thu, 13 Sep 2001 09:17:51 -0400 (EDT)
> >> From: Kenneth W Cochran <[EMAIL PROTECTED]>
> >> List-ID: <freebsd-stable.FreeBSD.ORG>
> >>
> >> Hello -stable:
> >>
> >> I notice that when I add a user to FreeBSD, either from adduser
> >> or from /stand/sysinstall --> UserAdd(sp?), the default filemode
> >> of the user's home directory is 755. So far, I can't find
> >> (something like) a config-option for this (i.e., in
> >> /etc/adduser.conf). Is this a bug or a feature(tm)? :)
> >>
> >> OS is -stable (RELENG_4), as of 8 September 2001.
> >>
> >> Thanks,
> >>
> >> -kc
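An added example, not part of the original thread and not FreeBSD's own code: it shows what mkdir(2) produces when asked for the 755 default under each umask suggested above (077, 066, 026), and audits a directory tree for home directories that still grant group/other access. The directory names (`newuser`, `alice`, `bob`, `carol`) and the temporary tree are constructed for the demonstration.

```python
import os
import stat
import tempfile

REQUESTED_MODE = 0o755  # default home directory mode reported in the thread


def mkdir_mode_under_umask(mask, requested=REQUESTED_MODE):
    """Create a directory with mkdir(2) under `mask`; return its permission bits."""
    with tempfile.TemporaryDirectory() as base:
        old = os.umask(mask)
        try:
            path = os.path.join(base, "newuser")  # constructed name
            os.mkdir(path, requested)  # kernel applies requested & ~umask
        finally:
            os.umask(old)  # never leave the process umask changed
        return stat.S_IMODE(os.stat(path).st_mode) & 0o777


def audit_homes(root):
    """Return {name: mode} for directories under `root` with any group/other bit set."""
    findings = {}
    with os.scandir(root) as it:
        entries = sorted(it, key=lambda e: e.name)
    for entry in entries:
        if entry.is_dir(follow_symlinks=False):
            mode = stat.S_IMODE(entry.stat(follow_symlinks=False).st_mode)
            if mode & 0o077:
                findings[entry.name] = mode
    return findings


def demo_audit():
    """Build a constructed tree of three 'home' directories and audit it."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("alice", 0o755), ("bob", 0o700), ("carol", 0o711)):
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)  # an explicit chmod is not filtered by umask
        return audit_homes(root)


if __name__ == "__main__":
    for mask in (0o077, 0o066, 0o026):
        print(f"umask {mask:03o} -> {mkdir_mode_under_umask(mask):03o}")
    for name, mode in demo_audit().items():
        print(f"{name}: {mode:03o} grants group/other access")
```

The umask only filters creation calls such as mkdir(2); a tool that sets the mode with an explicit chmod afterwards is unaffected by it, so the audit is the check that confirms the result.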