Default permissions of /home/user..

[Jesper Wallin]

Hello..

Sure, this works nice.. but yet, I did have to modify /usr/sbin/adduser .. Also, some of
you said it's bad having a homedir chmod 700, how come? Let's say I use the account for
coding, IRC perhaps, mail, etc.. none of those things require more access than 700? All
I can think of is public_html which need o+x so nobody and/or www can access that
directory.. I know, FreeBSD isn't Linux but most Linux systems run the same programs
such as postfix, mysql, apache, openssh, etc.. and I know some distributions (like
gentoo for example) which chmod it to 700 by default.. :)

Wouldn't it be nice to add a default option for this in adduser.conf, like chmod=755?
Since there seem to be more than just me asking for such feature. ;)


Best regards,
Jesper Wallin

ps, thanks for all replies :D

>> Sorry for my mistake - you use FreeBSD 5. The adduser command was changed
>> to
>> sh script in it. I do not use 5, so sorry again.
>>
>> If your /usr/sbin/adduser has in the start of lines 278 to 280 word
>> "_pwcmd", add something like this after line 280:
>> _pwcmd="$_pwcmd && chmod 700 $_home"
>>
>> Command stored in $_pwcmd is executed on line 282. The user should be
>> added
>> and homedir should be created. The addition above should chmod its homedir
>> to 700 (drwx------) automatically.
>>
>> !!! AGAIN, NOT TESTED !!!
>>
>> Peter Rosa
>
> Just a quick correction, you'll want to chmod $uhome not $_home. Having
> done that, you can consider your suggestion tested and working.
>
> Mark Magiera
>
> _______________________________________________
> freebsd-security at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org"
>