Hello..

I've asked this question before without getting any further help really.. When a new user is added using "adduser" on 5.x (haven't really checked if it's the same under 4.x or not), the default homedir permission is 755 (drwxr-xr-x) which to me, looks a bit insecure? It's of course pretty easy to solve it by a simple chmod, but yet, isn't there any way to change the default chmod value? Last time I asked about this, people told me to check out the skel directory, but the only thing you can do in there is to change the default chmod value of the files/directories _in_ the homedir, not the chmod values of the actual homedir.. I would be glad if someone could give me further assistance how to solve this without manually modifying the "adduser" script.. and if this option doesn't exist, shouldn't it be added or is it just me who wants my homedir secure from other users? ;)

Best regards,
Jesper Wallin

On Thu, 21 Oct 2004, Jesper Wallin wrote:

> Hello..
>
> I've asked this question before without getting any further help really..
> When a new user is added using "adduser" on 5.x (haven't really checked
> if it's the same under 4.x or not), the default homedir permission is 755
> (drwxr-xr-x) which to me, looks a bit insecure? It's of course pretty easy
> to solve it by a simple chmod, but yet, isn't there any way to change the
> default chmod value? Last time I asked about this, people told me to check
> out the skel directory, but the only thing you can do in there is to change the
> default chmod value of the files/directories _in_ the homedir, not the chmod
> values of the actual homedir.. I would be glad if someone could give me
> further assistance how to solve this without manually modifying the "adduser"
> script.. and if this option doesn't exist, shouldn't it be added or is it just
> me who wants my homedir secure from other users? ;)

By default, anyone can read a user's home directory, but because normally no one is in the user's default group except the user themselves, no one else can write to it.

If a user wants to restrict access to their entire home directory, they can chmod their own home directory, but this is not really recommended. It's better that they should make a restricted sub-directory for any restricted content. That way they can create directories inside their home directory with permissions such that they allow collaboration with whichever group is appropriate.

Andrew McNaughton

--
No added Sugar. Not tested on animals. May contain traces of Nuts. If irritation occurs, discontinue use.
-------------------------------------------------------------------
Andrew McNaughton
Living in a shack in Tasmania
andrew@scoop.co.nz
Between the bush and the sea
Mobile: +61 422 753 792
http://staff.scoop.co.nz/andrew/cv.doc
http://www.scoop.co.nz/

"Jesper Wallin" <jesper@hackunite.net> wrote:

> Hello..
>
> I've asked this question before without getting any further help really..
> When a new user is added using "adduser" on 5.x (haven't really checked
> if it's the same under 4.x or not), the default homedir permission is 755
> (drwxr-xr-x) which to me, looks a bit insecure? It's of course pretty easy
> to solve it by a simple chmod, but yet, isn't there any way to change the
> default chmod value? Last time I asked about this, people told me to check
> out the skel directory, but the only thing you can do in there is to change the
> default chmod value of the files/directories _in_ the homedir, not the chmod
> values of the actual homedir.. I would be glad if someone could give me
> further assistance how to solve this without manually modifying the "adduser"
> script.. and if this option doesn't exist, shouldn't it be added or is it just
> me who wants my homedir secure from other users? ;)

The adduser script does not determine the permissions on the home directory. The pw command does that, adduser just calls pw.

I don't know, but perhaps if you change the permissions on /usr/share/skel itself, the new directories created from it will have those permissions (I haven't tried this, so I could be wrong).

pw doesn't seem to have an option to change the permissions on the home directory at creation time. Possibly an option could be added to adduser, that reads the desired permissions from adduser.conf and changes them after creation?

--
Bill Moran
Potential Technologies
http://www.potentialtech.com

Hi,

try to read /usr/sbin/adduser. It's a Perl script, not ELF, so you can change something there. In line 953 (FreeBSD 4.10) is this: mkdir($homedir, 755). Simply change it to 700 and you should be where you wanted.

NOT TESTED !!!!

Peter Rosa

Sorry for my mistake - you use FreeBSD 5. The adduser command was changed to an sh script in it. I do not use 5, so sorry again.

If your /usr/sbin/adduser has the word "_pwcmd" at the start of lines 278 to 280, add something like this after line 280:

    _pwcmd="$_pwcmd && chmod 700 $_home"

The command stored in $_pwcmd is executed on line 282. The user should be added and the homedir should be created. The addition above should chmod the homedir to 700 (drwx------) automatically.

!!! AGAIN, NOT TESTED !!!

Peter Rosa

P.S. This addition will be removed when you update your system. Try to find a better way :-)))

On Thu, 21 Oct 2004, Jesper Wallin wrote:

> I've asked this question before without getting any further help
> really.. When a new user is added using "adduser" on 5.x (haven't really
> checked if it's the same under 4.x or not), the default homedir
> permission is 755 (drwxr-xr-x) which to me, looks a bit insecure? It's
> of course pretty easy to solve it by a simple chmod, but yet, isn't
> there any way to change the default chmod value? Last time I asked about
> this, people told me to check out the skel directory, but the only thing
> you can do in there is to change the default chmod value of the
> files/directories _in_ the homedir, not the chmod values of the actual
> homedir.. I would be glad if someone could give me further assistance
> how to solve this without manually modifying the "adduser" script.. and
> if this option doesn't exist, shouldn't it be added or is it just me
> who wants my homedir secure from other users? ;)

I'm a fan of creating "public", "public_html", and "private" directories in the user's home directory when their account is created, with appropriate permissions. That way I can just tell users "put the file in your private directory if you want it to be private". I use custom scripts for accounts here, but you may just be able to create those prototype directories in skel and have adduser do the right thing.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Principal Research Scientist, McAfee Research
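
Added example, not part of any message in this thread and not FreeBSD's adduser or pw code: sh functions that apply a chosen mode to a freshly created home directory after the fact, create the public/public_html/private layout described in the last reply, and list home directories that still grant access to other users. HOME_MODE and the function names perm_string, harden_home and audit_homes are hypothetical.

```shell
#!/bin/sh
# Added example: post-creation hardening of a new account's home directory.
# HOME_MODE and all function names are hypothetical, not adduser/pw options.
HOME_MODE="${HOME_MODE:-700}"

# Print the 10-character permission string (e.g. drwx------) for a path.
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# Create public, public_html and private, then set the home directory's mode.
# Note: a home mode without the "other" execute bit (such as 700) also makes
# public and public_html unreachable for other users.
harden_home() {
    home="$1"
    mode="${2:-$HOME_MODE}"
    # Refuse symlinks so chmod cannot be redirected to another path.
    if [ -L "$home" ] || [ ! -d "$home" ]; then
        echo "not a real directory: $home" >&2
        return 1
    fi
    for d in public public_html; do
        mkdir -p "$home/$d" && chmod 755 "$home/$d" || return 1
    done
    mkdir -p "$home/private" && chmod 700 "$home/private" || return 1
    chmod "$mode" "$home"
}

# List directories directly under base that grant any access to "other".
audit_homes() {
    for h in "$1"/*; do
        [ -d "$h" ] && [ ! -L "$h" ] || continue
        case "$(perm_string "$h")" in
            d??????---) ;;            # no bits set for "other": skip
            *) echo "$h" ;;
        esac
    done
}
```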