Re: Standard file permissions for /usr/local
> Given there is no context as to what these are and belong to the numbers below with the symbolic meaning are useless besides saying the system is

Oops, thought I had that noted. They are sort | uniq -c of the permission column of find -ls.

> Blindly going through installed software with a massively large comb chmod -R anything=anything is a bad idea

Bad idea? Not really, I amended my tree as shown. As you can see, I have about 80k files, 2k dirs and 2k links. All provided by 'packages'. And out of those, I only need one divergent perm, that being Xorg, not thousands. I've no sensitive files there. I don't need man to go around making catpages. Nor sticky dirs for games. Nor Schily's stuff in the bin group. Or polkit privileges. Or whatever else. As any admin, I know the environment and files, so I'm good with the comb and pomade.

And it makes linting installs, security checks and other things simpler if say you find / -perm +0044 and don't have to wade through say, symlinks set to go+w. Or have some other install fail because files aren't writeable. I amed it to reduce my working sets, and work, with other tools easier. And to make finding what changes out from under you easier, etc. No big deal, and not a debate about anyone's equally valid local usage.

Maybe I should rephrase... is there something, or a movement within ports, to push mass gobs of files towards mode 0444 or 0644? A umask being set in the build system? An install flag? Or is this just the raw result of doing everything [1] unmodified umask 0022, tarring up the tbz's, and putting them on FTP?

[1] Say, patch, ./configure, make, make install, hash +CONTENTS, tarball

My experience with ./configure, make, make install of original upstream software releases, is that I think the majority of things end up as I've amended, without the amending. So I just wondered if there's a push in ports somewhere.

> Do you have anything relevant as to a particular port or package ?

This was a stats analysis, so particulars do not apply.

___
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to freebsd-ports-unsubscr...@freebsd.org
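Added example, not part of any message in this thread: a POSIX sh version of the tally described above (sort | uniq -c over the permission column of find -ls), extended to list the setuid/setgid files and the group- or other-writable entries an admin would review before or after conforming a tree. The sample tree and its file names are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: mode histogram and privilege-bit audit for a package-owned tree.
# Function names and the sample tree are assumptions, not taken from the thread.

# Tally the permission column of `find -ls` (field 3 on both BSD and GNU find),
# normalised to "count mode" per line.
perm_histogram() {
    find "$1" -ls | awk '{ print $3 }' | sort | uniq -c | awk '{ print $1, $2 }'
}

# Regular files carrying setuid or setgid bits: the entries that must keep
# a divergent mode when the rest of the tree is conformed.
privileged_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Non-symlink entries writable by group or other.
loose_writable() {
    find "$1" ! -type l \( -perm -0020 -o -perm -0002 \) -print | sort
}

# Constructed sample tree standing in for /usr/local.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/bin" "$t/share/doc"
    : > "$t/bin/tool";    chmod 0555 "$t/bin/tool"
    : > "$t/bin/xserver"; chmod 4755 "$t/bin/xserver"
    : > "$t/share/doc/a"; chmod 0444 "$t/share/doc/a"
    : > "$t/share/doc/b"; chmod 0444 "$t/share/doc/b"
    : > "$t/share/doc/c"; chmod 0664 "$t/share/doc/c"
    chmod 0755 "$t" "$t/bin" "$t/share" "$t/share/doc"
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
echo "mode histogram:";            perm_histogram "$tree"
echo "setuid/setgid files:";       privileged_files "$tree"
echo "group/other-writable:";      loose_writable "$tree"
rm -rf "$tree"
```

Saving the histogram and the two lists before a mass chmod, then diffing them afterwards, shows exactly which modes changed and whether any privileged file was touched.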
Standard file permissions for /usr/local
Given a /usr/local populated only by ports (more specifically, packages), we have the following stats...

/usr/local
  54378 -r--r--r--
      1 -r-sr-xr-x
   1505 -r-xr-xr-x
  21790 -rw-r--r--
      9 -rw-rw-r--
      1 -rws--x--x
      1 -rwsr-x---
      1 -rwsr-xr--
      4 -rwsr-xr-x
      4 -rwxr-sr-x
   3515 -rwxr-xr-x
      1 drwx--
   6064 drwxr-xr-x
      1 drwxrwsr-x
   1638 lrwxr-xr-x
      1 lrwxrwxrwx

For /usr, we have...
  24907 -r--r--r--
      4 -r-sr-sr-x
      3 -r-sr-x---
     24 -r-sr-xr-x
      8 -r-xr-sr-x
    786 -r-xr-xr-x
      2 -rw---
      8 -rw-r--r--
      1 -rwxr-xr-x
   1284 drwxr-xr-x
      1 drwxrwxrwt
    947 lrwxr-xr-x
     34 lrwxrwxrwx

Am I to, or should I, believe that there is some standard or preference such that files should not have mode u+w?

Let's take a look at etc's 'configurables area' too...

/usr/local/etc
    198 -r--r--r--
     19 -r-xr-xr-x
     40 -rw-r--r--
      1 drwx--
     77 drwxr-xr-x
     16 lrwxr-xr-x

/etc
     25 -r--r--r--
      1 -r-x--
    153 -r-xr-xr-x
     20 -rw---
      1 -rw-r-
    121 -rw-r--r--
      1 -rw-rw-r--
      6 -rwx--
     57 -rwxr-xr-x
      2 drwx--
     25 drwxr-xr-x
      3 lrwxr-xr-x
      4 lrwxrwxrwx

Now see that I have amended my /usr/local perms after install such that root can more easily manage that tree. (I could have just as easily conformed it to u-w).

  76179 -rw-r--r--
      1 -rwsr-xr-x
   5029 -rwxr-xr-x
   6066 drwxr-xr-x
   1639 lrwxr-xr-x

I don't see the point in making things mode u-w? 'Security' cannot be the case, as even setting dirs u-w, schg, capabilities, read-only mount, etc will make no difference... for root, it's only annoying for a moment.

What standard / guide am I missing that says u-w is the way (for at least the large majority of the files in the first two counts above)?
Re: Standard file permissions for /usr/local
On Jul 7, 2012 11:02 PM, grarpamp grarp...@gmail.com wrote:
> Given a /usr/local populated only by ports (more specifically, packages), we have the following stats...
>
> /usr/local
>   54378 -r--r--r--
>       1 -r-sr-xr-x
>    1505 -r-xr-xr-x
>   21790 -rw-r--r--
>       9 -rw-rw-r--
>       1 -rws--x--x
>       1 -rwsr-x---
>       1 -rwsr-xr--
>       4 -rwsr-xr-x
>       4 -rwxr-sr-x
>    3515 -rwxr-xr-x
>       1 drwx--
>    6064 drwxr-xr-x
>       1 drwxrwsr-x
>    1638 lrwxr-xr-x
>       1 lrwxrwxrwx
>
> For /usr, we have...
>   24907 -r--r--r--
>       4 -r-sr-sr-x
>       3 -r-sr-x---
>      24 -r-sr-xr-x
>       8 -r-xr-sr-x
>     786 -r-xr-xr-x
>       2 -rw---
>       8 -rw-r--r--
>       1 -rwxr-xr-x
>    1284 drwxr-xr-x
>       1 drwxrwxrwt
>     947 lrwxr-xr-x
>      34 lrwxrwxrwx
>
> Am I to, or should I, believe that there is some standard or preference such that files should not have mode u+w?
>
> Let's take a look at etc's 'configurables area' too...
>
> /usr/local/etc
>     198 -r--r--r--
>      19 -r-xr-xr-x
>      40 -rw-r--r--
>       1 drwx--
>      77 drwxr-xr-x
>      16 lrwxr-xr-x
>
> /etc
>      25 -r--r--r--
>       1 -r-x--
>     153 -r-xr-xr-x
>      20 -rw---
>       1 -rw-r-
>     121 -rw-r--r--
>       1 -rw-rw-r--
>       6 -rwx--
>      57 -rwxr-xr-x
>       2 drwx--
>      25 drwxr-xr-x
>       3 lrwxr-xr-x
>       4 lrwxrwxrwx
>
> Now see that I have amended my /usr/local perms after install such that root can more easily manage that tree. (I could have just as easily conformed it to u-w).
>
>   76179 -rw-r--r--
>       1 -rwsr-xr-x
>    5029 -rwxr-xr-x
>    6066 drwxr-xr-x
>    1639 lrwxr-xr-x
>
> I don't see the point in making things mode u-w? 'Security' cannot be the case, as even setting dirs u-w, schg, capabilities, read-only mount, etc will make no difference... for root, it's only annoying for a moment.
>
> What standard / guide am I missing that says u-w is the way (for at least the large majority of the files in the first two counts above)?

It's pointless having most files u+w, since they won't be edited, but soonish I'm told that http://bugs.freebsd.org/157168 should be committed, which will make conf files u+w.

Chris
Re: Standard file permissions for /usr/local
> It's pointless having most files u+w, since they won't be edited

I suggest that for various management purposes, it is not pointless, and if not u+w, it's otherwise annoying.

drwxr-xr-x  10 root  wheel  512 Jul  7 18:43 .
-r--r--r--   1 root  wheel    0 Jul  7 18:43 1
-r--r--r--   1 root  wheel    0 Jul  7 18:43 2
/bin/cp 1 2
cp: 2: Permission denied

I 'fixed' my tree, so not that I care, just curious as to what standard or non nonsecurity rationale I may be missing.
Re: Standard file permissions for /usr/local
In this whole thread I don't see any relation as to what perms are on what directory ... which inherently makes the whole point mud. What is actually trying to be accomplished here?

Given there is no context as to what these are and belong to the numbers below with the symbolic meaning are useless besides saying the system is being populated and things are different.

Also having a standard for file permissions is nearly irrelevant with the exceptions to specific areas of the filesystem like documents can easily be said needing to be 'a=rX' /usr/local/share/doc ... examples etc.

Blindly going through installed software with a massively large comb chmod -R anything=anything is a bad idea. packages and ports need to be singly identified and looked at more closely as to whether they are doing the right thing.

Do you have anything relevant as to a particular port or package ?

On Sat, Jul 07, 2012 at 11:39:24PM +0100, Chris Rees wrote:
> On Jul 7, 2012 11:02 PM, grarpamp grarp...@gmail.com wrote:
>> Given a /usr/local populated only by ports (more specifically, packages), we have the following stats...
>>
>> /usr/local
>>   54378 -r--r--r--
>>       1 -r-sr-xr-x
>>    1505 -r-xr-xr-x
>>   21790 -rw-r--r--
>>       9 -rw-rw-r--
>>       1 -rws--x--x
>>       1 -rwsr-x---
>>       1 -rwsr-xr--
>>       4 -rwsr-xr-x
>>       4 -rwxr-sr-x
>>    3515 -rwxr-xr-x
>>       1 drwx--
>>    6064 drwxr-xr-x
>>       1 drwxrwsr-x
>>    1638 lrwxr-xr-x
>>       1 lrwxrwxrwx
>>
>> For /usr, we have...
>>   24907 -r--r--r--
>>       4 -r-sr-sr-x
>>       3 -r-sr-x---
>>      24 -r-sr-xr-x
>>       8 -r-xr-sr-x
>>     786 -r-xr-xr-x
>>       2 -rw---
>>       8 -rw-r--r--
>>       1 -rwxr-xr-x
>>    1284 drwxr-xr-x
>>       1 drwxrwxrwt
>>     947 lrwxr-xr-x
>>      34 lrwxrwxrwx
>>
>> Am I to, or should I, believe that there is some standard or preference such that files should not have mode u+w?
>>
>> Let's take a look at etc's 'configurables area' too...
>>
>> /usr/local/etc
>>     198 -r--r--r--
>>      19 -r-xr-xr-x
>>      40 -rw-r--r--
>>       1 drwx--
>>      77 drwxr-xr-x
>>      16 lrwxr-xr-x
>>
>> /etc
>>      25 -r--r--r--
>>       1 -r-x--
>>     153 -r-xr-xr-x
>>      20 -rw---
>>       1 -rw-r-
>>     121 -rw-r--r--
>>       1 -rw-rw-r--
>>       6 -rwx--
>>      57 -rwxr-xr-x
>>       2 drwx--
>>      25 drwxr-xr-x
>>       3 lrwxr-xr-x
>>       4 lrwxrwxrwx
>>
>> Now see that I have amended my /usr/local perms after install such that root can more easily manage that tree. (I could have just as easily conformed it to u-w).
>>
>>   76179 -rw-r--r--
>>       1 -rwsr-xr-x
>>    5029 -rwxr-xr-x
>>    6066 drwxr-xr-x
>>    1639 lrwxr-xr-x
>>
>> I don't see the point in making things mode u-w? 'Security' cannot be the case, as even setting dirs u-w, schg, capabilities, read-only mount, etc will make no difference... for root, it's only annoying for a moment.
>>
>> What standard / guide am I missing that says u-w is the way (for at least the large majority of the files in the first two counts above)?
>
> It's pointless having most files u+w, since they won't be edited, but soonish I'm told that http://bugs.freebsd.org/157168 should be committed, which will make conf files u+w.

--
 - (2^(N-1))