Re: A very 'trivial' question about /root
Julian H. Stacey berklix.com> writes:

>
> jb.1234abcd gmail.com 's ref to
> https://bugzilla.redhat.com/show_bug.cgi?id=578470
> relates to Linux upgrade procedures & /root
> I don't see it affects how we should perceive an idealised Unix.
>

The upgrade was a canary that told the user there is a problem.

The idealized UNIX is standardized.
According to Filesystem Hierarchy Standard (FHS), a UNIX standard:
"
/root : Home directory for the root user (optional)
Purpose
The root account's home directory may be determined by developer or local
preference, but this is the recommended default location. [17]

[17] If the home directory of the root account is not stored on the root
partition it will be necessary to make certain it will default to / if it
can not be located.
"

The above means that there has to be implied equivalency and consistency of
permissions between /root and / in order to ensure trouble-free operation of
any process that may rely on any of them.

That Linux case I referred to was a case about a system that relied on the
above 0755 setup for /root dir, with an interesting twist of having it as
a dummy account/dir for consistency, but having other accounts play the role
of a superuser.

Another example:
some app (perhaps an installer) runs as non-root (e.g. Apache) user and needs
to be able to read the root ssh public key from /root dir.

There could be many such apps, accessing a front-end system, having to check
for permission in /root dir for whatever they want to do, anywhere in sys
admin, remote control, management, installation, etc areas.

By changing this default you may ambush many unsuspecting users.

jb

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: A very 'trivial' question about /root
Polytropon writes:

> On Fri, 28 Jun 2013 15:25:44 +0200, Julian H. Stacey wrote:
>> ( I'd guess OpenBSD might go for a tighter /root though, as they're
>> supposedly keen on security. )
>
> Currently I've got no OpenBSD installation at hand to verify,
> but I _assume_ they still have the same defaults as FreeBSD
> regarding permissions of /root.

That's correct.
Re: A very 'trivial' question about /root
On Fri, 28 Jun 2013 15:25:44 +0200, Julian H. Stacey wrote:
> Before we might ask (via send-pr) for it to be committed,
> we should various of us run
>     chmod 750 /root;chown root:wheel /root
> & give it a couple of months to see if problems.

Done years ago:

    drwxr-x---  7 root  wheel  512 2013-04-05 21:42:34 /root/

System has been installed in August 2011. No problems so far. :-)

> ( I'd guess OpenBSD might go for a tighter /root though, as they're
> supposedly keen on security. )

Currently I've got no OpenBSD installation at hand to verify,
but I _assume_ they still have the same defaults as FreeBSD
regarding permissions of /root.

> > if it leads to programs and daemons that
> > would otherwise run as nobody having to run with root privileges.
>
> Good point, we should be cautious, best if lots of us try chmod 750 /root
> for a couple of months & see if any burnt fingers.

What programs or daemons should attention be paid at, especially?

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
Re: A very 'trivial' question about /root
Hi,
Reference:
> From: ASV
> Date: Fri, 28 Jun 2013 10:10:02 +0200

[ I jhs@ reverted asv@'s top post to bottom post ]

>
> On Fri, 2013-06-28 at 01:47 +0200, Julian H. Stacey wrote:
> > Hi, Reference:
> > > From: ASV
> > > Date: Thu, 27 Jun 2013 21:39:20 +0200
> >
> > ASV wrote:
> > > Thanks for your reply Polytropon,
> > >
> > > I'm using FreeBSD since few years already and I'm kind of aware of the
> > > "dynamics" related to permissions, many of them are common to many
> > > Unices.
> > > I agree that the installer doesn't put anything secret but as a home dir
> > > for the root user it's highly likely that something not intended to be
> > > publicly readable will end up there soon after the installation.
> > > Which IMHO it's true also for any other user homedir which gets created
> > > by default using a pretty relaxed umask 022, but that seems to be the
> > > default on probably any other UNIX like system I've put my hands on
> > > AFAIR.
> > >
> > > Don't get me wrong, since I use FreeBSD I'm just in love with it. Mine
> > > is just a concern about these permission defaults which look to me a bit
> > > too relaxed and cannot find yet a reason why not to restrict it.
> > > After all I believe having good default settings may make the difference
> > > in some circumstances and/or save time.
> > >
> > > On Thu, 2013-06-27 at 04:58 +0200, Polytropon wrote:
> > > > On Wed, 26 Jun 2013 23:34:41 +0200, ASV wrote:
> > > > > There's any reason (and should be a fairly good one) why the /root
> > > > > directory permissions by default are set to 755 (for sure on releases
> > > > > 8.0/8.1/9.0/9.1)
> > > >
> > > > This is the default permission for user directories, as root
> > > > is considered a user in this (special) case, and /root is its
> > > > home directory. The installer does not put anything "secret"
> > > > in there, but _you_ might, so there should be no issue changing
> > > > it to a more restricted access permission.
> > > >
> > > > Hint: When a directory is r-x for "other", then it will be
> > > > indexed by the locate periodic job, so users could use the
> > > > locate command (and also find) to look what's in there. If
> > > > this is not desired, change to rwx/---/---, or rwx/r-x/---
> > > > if you want to allow (trusted) users of the "wheel" group
> > > > to read and execute stuff from that directory (maybe homemade
> > > > admin scripts in /root/bin that should not be "public").
> > > >
> > > > There are few things that touch /root content. System updating
> > > > might be one of them, but as it is typically run as root (and
> > > > even in SUM), restrictive permissions above the default are
> > > > no problem.
> > > >
> > > > To summarize the answer for your question: It's just the default. :-)
> >
> > I'll play Devil's advocate for a moment ;-)
> >
> > One reason not to tighten ~root is because one might want
> > ~root/httpuserfile to be readable by httpd to access the crypted
> > passwords of locked web page. ... ;-)
> >
> > No not really, that's perverted, I wouldn't recommend an
> > http://localhost/~root/ regardless of password locked pages or not.
> >
> > But it shows how lateral head scratching might be
> > appropriate before removing read perms on ~root/ .
> >
> > { A bit like wrong ownership on / can surprisingly kill AMD NFS
> > access } ... some unexpected constraints can take some thinking
> > through, It might be quickest for a number of us to just try chmod
> > 700 ~root for a while & see if we get trouble.
> >
> > Cheers,
> > Julian
>

ASV wrote:
> Hi Julian,
> you played Devil's advocate well actually as I don't know which idea
> would be more audacious, letting httpd access files from your root dir
> or exporting /root via nfs. :)
> Both of them sound more like a lab scenario than a real one.
>
> I understand that launching a "chmod 700 /root" it's a matter of
> something between 1 and 3 seconds. I do also understand that I had /root
> closed for long time and never had the need to set permissions back
> loose and this triggered my point.
> Why is it that open? :)

Here is a patch:
http://www.berklix.com/~jhs/src/bsd/fixes/FreeBSD/src/gen/etc/mtree/BSD.root.dist.REL=ALL.diff

Before we might ask (via send-pr) for it to be committed,
we should various of us run
    chmod 750 /root;chown root:wheel /root
& give it a couple of months to see if problems.

I doubt there will be a problem with /root/.forward , as
    lrwxr-xr-x  1 root  wheel  /usr/sbin/sendmail -> /usr/sbin/mailwrapper
    -r-xr-xr-x  1 root  wheel  /usr/sbin/mailwrapper

jb.1234a...@gmail.com 's ref to
https://bugzilla.redhat.com/show_bug.cgi?id=578470
relates to Linux upgrade procedures & /root
I don't see it affects how we should perceive an idealised Unix.

( I'd guess OpenBSD might go for a tighter /root though, as they're
supposedly keen on security. )

Daniel Feenberg wrote:
> A diskless FreeBSD will use an NFS
Re: A very 'trivial' question about /root
On Fri, 28 Jun 2013, ASV wrote:

> Hi Julian,
> you played Devil's advocate well actually as I don't know which idea
> would be more audacious, letting httpd access files from your root dir
> or exporting /root via nfs. :)
> Both of them sound more like a lab scenario than a real one.

A diskless FreeBSD will use an NFS-mounted /root. See:

    http://www.freebsd.org/doc/handbook/network-diskless.html
    http://www.nber.org/sys-admin/FreeBSD-diskless.html

So it is more than a theoretical possibility.

I would also add that putting stricter permissions on perfectly public
information may not lead to improved security, if it leads to programs and
daemons that would otherwise run as nobody having to run with root
privileges.

daniel feenberg

> I understand that launching a "chmod 700 /root" it's a matter of
> something between 1 and 3 seconds. I do also understand that I had /root
> closed for long time and never had the need to set permissions back
> loose and this triggered my point.
> Why is it that open? :)
>
> On Fri, 2013-06-28 at 01:47 +0200, Julian H. Stacey wrote:
> > Hi, Reference:
> > > From: ASV
> > > Date: Thu, 27 Jun 2013 21:39:20 +0200
> >
> > ASV wrote:
> > > Thanks for your reply Polytropon,
> > >
> > > I'm using FreeBSD since few years already and I'm kind of aware of the
> > > "dynamics" related to permissions, many of them are common to many
> > > Unices.
> > > I agree that the installer doesn't put anything secret but as a home dir
> > > for the root user it's highly likely that something not intended to be
> > > publicly readable will end up there soon after the installation.
> > > Which IMHO it's true also for any other user homedir which gets created
> > > by default using a pretty relaxed umask 022, but that seems to be the
> > > default on probably any other UNIX like system I've put my hands on
> > > AFAIR.
> > >
> > > Don't get me wrong, since I use FreeBSD I'm just in love with it. Mine
> > > is just a concern about these permission defaults which look to me a bit
> > > too relaxed and cannot find yet a reason why not to restrict it.
> > > After all I believe having good default settings may make the difference
> > > in some circumstances and/or save time.
> > >
> > > On Thu, 2013-06-27 at 04:58 +0200, Polytropon wrote:
> > > > On Wed, 26 Jun 2013 23:34:41 +0200, ASV wrote:
> > > > > There's any reason (and should be a fairly good one) why the /root
> > > > > directory permissions by default are set to 755 (for sure on releases
> > > > > 8.0/8.1/9.0/9.1)
> > > >
> > > > This is the default permission for user directories, as root
> > > > is considered a user in this (special) case, and /root is its
> > > > home directory. The installer does not put anything "secret"
> > > > in there, but _you_ might, so there should be no issue changing
> > > > it to a more restricted access permission.
> > > >
> > > > Hint: When a directory is r-x for "other", then it will be
> > > > indexed by the locate periodic job, so users could use the
> > > > locate command (and also find) to look what's in there. If
> > > > this is not desired, change to rwx/---/---, or rwx/r-x/---
> > > > if you want to allow (trusted) users of the "wheel" group
> > > > to read and execute stuff from that directory (maybe homemade
> > > > admin scripts in /root/bin that should not be "public").
> > > >
> > > > There are few things that touch /root content. System updating
> > > > might be one of them, but as it is typically run as root (and
> > > > even in SUM), restrictive permissions above the default are
> > > > no problem.
> > > >
> > > > To summarize the answer for your question: It's just the default. :-)
> >
> > I'll play Devil's advocate for a moment ;-)
> >
> > One reason not to tighten ~root is because one might want
> > ~root/httpuserfile to be readable by httpd to access the crypted
> > passwords of locked web page. ... ;-)
> >
> > No not really, that's perverted, I wouldn't recommend an
> > http://localhost/~root/ regardless of password locked pages or not.
> >
> > But it shows how lateral head scratching might be
> > appropriate before removing read perms on ~root/ .
> >
> > { A bit like wrong ownership on / can surprisingly kill AMD NFS
> > access } ... some unexpected constraints can take some thinking
> > through, It might be quickest for a number of us to just try chmod
> > 700 ~root for a while & see if we get trouble.
> >
> > Cheers,
> > Julian
Re: A very 'trivial' question about /root
Hi Julian,
you played Devil's advocate well actually as I don't know which idea
would be more audacious, letting httpd access files from your root dir
or exporting /root via nfs. :)
Both of them sound more like a lab scenario than a real one.

I understand that launching a "chmod 700 /root" it's a matter of
something between 1 and 3 seconds. I do also understand that I had /root
closed for long time and never had the need to set permissions back
loose and this triggered my point.
Why is it that open? :)

On Fri, 2013-06-28 at 01:47 +0200, Julian H. Stacey wrote:
> Hi, Reference:
> > From: ASV
> > Date: Thu, 27 Jun 2013 21:39:20 +0200
>
> ASV wrote:
> > Thanks for your reply Polytropon,
> >
> > I'm using FreeBSD since few years already and I'm kind of aware of the
> > "dynamics" related to permissions, many of them are common to many
> > Unices.
> > I agree that the installer doesn't put anything secret but as a home dir
> > for the root user it's highly likely that something not intended to be
> > publicly readable will end up there soon after the installation.
> > Which IMHO it's true also for any other user homedir which gets created
> > by default using a pretty relaxed umask 022, but that seems to be the
> > default on probably any other UNIX like system I've put my hands on
> > AFAIR.
> >
> > Don't get me wrong, since I use FreeBSD I'm just in love with it. Mine
> > is just a concern about these permission defaults which look to me a bit
> > too relaxed and cannot find yet a reason why not to restrict it.
> > After all I believe having good default settings may make the difference
> > in some circumstances and/or save time.
> >
> > On Thu, 2013-06-27 at 04:58 +0200, Polytropon wrote:
> > > On Wed, 26 Jun 2013 23:34:41 +0200, ASV wrote:
> > > > There's any reason (and should be a fairly good one) why the /root
> > > > directory permissions by default are set to 755 (for sure on releases
> > > > 8.0/8.1/9.0/9.1)
> > >
> > > This is the default permission for user directories, as root
> > > is considered a user in this (special) case, and /root is its
> > > home directory. The installer does not put anything "secret"
> > > in there, but _you_ might, so there should be no issue changing
> > > it to a more restricted access permission.
> > >
> > > Hint: When a directory is r-x for "other", then it will be
> > > indexed by the locate periodic job, so users could use the
> > > locate command (and also find) to look what's in there. If
> > > this is not desired, change to rwx/---/---, or rwx/r-x/---
> > > if you want to allow (trusted) users of the "wheel" group
> > > to read and execute stuff from that directory (maybe homemade
> > > admin scripts in /root/bin that should not be "public").
> > >
> > > There are few things that touch /root content. System updating
> > > might be one of them, but as it is typically run as root (and
> > > even in SUM), restrictive permissions above the default are
> > > no problem.
> > >
> > > To summarize the answer for your question: It's just the default. :-)
>
> I'll play Devil's advocate for a moment ;-)
>
> One reason not to tighten ~root is because one might want
> ~root/httpuserfile to be readable by httpd to access the crypted
> passwords of locked web page. ... ;-)
>
> No not really, that's perverted, I wouldn't recommend an
> http://localhost/~root/ regardless of password locked pages or not.
>
> But it shows how lateral head scratching might be
> appropriate before removing read perms on ~root/ .
>
> { A bit like wrong ownership on / can surprisingly kill AMD NFS
> access } ... some unexpected constraints can take some thinking
> through, It might be quickest for a number of us to just try chmod
> 700 ~root for a while & see if we get trouble.
>
> Cheers,
> Julian
Re: A very 'trivial' question about /root
ASV inhio.eu> writes:

>
> Mine
> is just a concern about these permission defaults which look to me a bit
> too relaxed and cannot find yet a reason why not to restrict it.
> After all I believe having good default settings may make the difference
> in some circumstances and/or save time.

I think the 0755 permissions for /root are correct as default.
If you are concerned about "others", you harden it to 0750 (after all you are
the boss, the "root", anyway).

Otherwise, you may create conditions which cause trouble for others, for
example:
https://bugzilla.redhat.com/show_bug.cgi?id=578470

jb
Re: A very 'trivial' question about /root
Hi,
Reference:
> From: ASV
> Date: Thu, 27 Jun 2013 21:39:20 +0200

ASV wrote:
> Thanks for your reply Polytropon,
>
> I'm using FreeBSD since few years already and I'm kind of aware of the
> "dynamics" related to permissions, many of them are common to many
> Unices.
> I agree that the installer doesn't put anything secret but as a home dir
> for the root user it's highly likely that something not intended to be
> publicly readable will end up there soon after the installation.
> Which IMHO it's true also for any other user homedir which gets created
> by default using a pretty relaxed umask 022, but that seems to be the
> default on probably any other UNIX like system I've put my hands on
> AFAIR.
>
> Don't get me wrong, since I use FreeBSD I'm just in love with it. Mine
> is just a concern about these permission defaults which look to me a bit
> too relaxed and cannot find yet a reason why not to restrict it.
> After all I believe having good default settings may make the difference
> in some circumstances and/or save time.
>
> On Thu, 2013-06-27 at 04:58 +0200, Polytropon wrote:
> > On Wed, 26 Jun 2013 23:34:41 +0200, ASV wrote:
> > > There's any reason (and should be a fairly good one) why the /root
> > > directory permissions by default are set to 755 (for sure on releases
> > > 8.0/8.1/9.0/9.1)
> >
> > This is the default permission for user directories, as root
> > is considered a user in this (special) case, and /root is its
> > home directory. The installer does not put anything "secret"
> > in there, but _you_ might, so there should be no issue changing
> > it to a more restricted access permission.
> >
> > Hint: When a directory is r-x for "other", then it will be
> > indexed by the locate periodic job, so users could use the
> > locate command (and also find) to look what's in there. If
> > this is not desired, change to rwx/---/---, or rwx/r-x/---
> > if you want to allow (trusted) users of the "wheel" group
> > to read and execute stuff from that directory (maybe homemade
> > admin scripts in /root/bin that should not be "public").
> >
> > There are few things that touch /root content. System updating
> > might be one of them, but as it is typically run as root (and
> > even in SUM), restrictive permissions above the default are
> > no problem.
> >
> > To summarize the answer for your question: It's just the default. :-)

I'll play Devil's advocate for a moment ;-)

One reason not to tighten ~root is because one might want
~root/httpuserfile to be readable by httpd to access the crypted
passwords of locked web page. ... ;-)

No not really, that's perverted, I wouldn't recommend an
http://localhost/~root/ regardless of password locked pages or not.

But it shows how lateral head scratching might be
appropriate before removing read perms on ~root/ .

{ A bit like wrong ownership on / can surprisingly kill AMD NFS
access } ... some unexpected constraints can take some thinking
through, It might be quickest for a number of us to just try chmod
700 ~root for a while & see if we get trouble.

Cheers,
Julian
--
Julian Stacey, BSD Unix Linux C Sys Eng Consultant, Munich http://berklix.com
Reply below not above, like a play script. Indent old text with "> ".
Send plain text. No quoted-printable, HTML, base64, multipart/alternative.
Re: A very 'trivial' question about /root
Thanks for your reply Polytropon,

I'm using FreeBSD since few years already and I'm kind of aware of the
"dynamics" related to permissions, many of them are common to many
Unices.
I agree that the installer doesn't put anything secret but as a home dir
for the root user it's highly likely that something not intended to be
publicly readable will end up there soon after the installation.
Which IMHO it's true also for any other user homedir which gets created
by default using a pretty relaxed umask 022, but that seems to be the
default on probably any other UNIX like system I've put my hands on
AFAIR.

Don't get me wrong, since I use FreeBSD I'm just in love with it. Mine
is just a concern about these permission defaults which look to me a bit
too relaxed and cannot find yet a reason why not to restrict it.
After all I believe having good default settings may make the difference
in some circumstances and/or save time.

On Thu, 2013-06-27 at 04:58 +0200, Polytropon wrote:
> On Wed, 26 Jun 2013 23:34:41 +0200, ASV wrote:
> > There's any reason (and should be a fairly good one) why the /root
> > directory permissions by default are set to 755 (for sure on releases
> > 8.0/8.1/9.0/9.1)
>
> This is the default permission for user directories, as root
> is considered a user in this (special) case, and /root is its
> home directory. The installer does not put anything "secret"
> in there, but _you_ might, so there should be no issue changing
> it to a more restricted access permission.
>
> Hint: When a directory is r-x for "other", then it will be
> indexed by the locate periodic job, so users could use the
> locate command (and also find) to look what's in there. If
> this is not desired, change to rwx/---/---, or rwx/r-x/---
> if you want to allow (trusted) users of the "wheel" group
> to read and execute stuff from that directory (maybe homemade
> admin scripts in /root/bin that should not be "public").
>
> There are few things that touch /root content. System updating
> might be one of them, but as it is typically run as root (and
> even in SUM), restrictive permissions above the default are
> no problem.
>
> To summarize the answer for your question: It's just the default. :-)
Re: A very 'trivial' question about /root
On Wed, 26 Jun 2013 23:34:41 +0200, ASV wrote:
> There's any reason (and should be a fairly good one) why the /root
> directory permissions by default are set to 755 (for sure on releases
> 8.0/8.1/9.0/9.1)

This is the default permission for user directories, as root
is considered a user in this (special) case, and /root is its
home directory. The installer does not put anything "secret"
in there, but _you_ might, so there should be no issue changing
it to a more restricted access permission.

Hint: When a directory is r-x for "other", then it will be
indexed by the locate periodic job, so users could use the
locate command (and also find) to look what's in there. If
this is not desired, change to rwx/---/---, or rwx/r-x/---
if you want to allow (trusted) users of the "wheel" group
to read and execute stuff from that directory (maybe homemade
admin scripts in /root/bin that should not be "public").

There are few things that touch /root content. System updating
might be one of them, but as it is typically run as root (and
even in SUM), restrictive permissions above the default are
no problem.

To summarize the answer for your question: It's just the default. :-)

--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
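
Added example, not part of any message in this thread: a POSIX shell check of what "other" can reach under a directory before and after its mode is tightened from the 755 default to the 750 tried in the thread. The function names and the sample tree (a constructed stand-in for /root) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report what "other" can reach under a directory such as
# /root. Only mode bits are inspected, so the result does not depend on
# which user runs the script.

# Print the 10-character mode string of a path, e.g. drwxr-xr-x.
mode_string() {
    ls -ldn -- "$1" | cut -c1-10
}

# Succeed if "other" has read and search permission on the directory,
# i.e. an unprivileged user or indexing job can list its contents.
other_can_list() {
    case "$(mode_string "$1")" in
        d??????r?[xt]) return 0 ;;
        *)             return 1 ;;
    esac
}

# Print every file or directory under $1 that is readable by "other" and
# sits below directories that "other" may search. A directory without the
# other-x bit is pruned: nothing beneath it is reachable, whatever the
# modes of the files inside. Parents of $1 itself are not examined.
exposed_entries() {
    find "$1" -type d ! -perm -001 -prune -o ! -type l -perm -004 -print
}

exposed_count() {
    exposed_entries "$1" | wc -l | tr -d ' '
}

# Constructed sample tree standing in for /root (hypothetical contents).
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh" "$d/bin" || return 1
    : > "$d/.ssh/id_rsa.pub"
    : > "$d/notes.txt"
    : > "$d/secret"
    : > "$d/bin/backup.sh"
    chmod 644 "$d/.ssh/id_rsa.pub" "$d/notes.txt"
    chmod 600 "$d/secret"
    chmod 755 "$d/bin" "$d/bin/backup.sh"
    chmod 700 "$d/.ssh"
    chmod 755 "$d"            # the installer default discussed in the thread
    printf '%s\n' "$d"
}

report() {
    if other_can_list "$1"; then listable=yes; else listable=no; fi
    printf '%s  listable-by-other=%s  exposed=%s\n' \
        "$(mode_string "$1")" "$listable" "$(exposed_count "$1")"
}

sample=$(make_sample_root) || exit 1
report "$sample"              # mode 755
chmod 750 "$sample"
report "$sample"              # mode 750
rm -rf "$sample"
```

On a live system, `report /root` run as root gives the same figures; in the sample tree the 644 public key is not counted as exposed because its .ssh directory is 700.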
Re: A very 'trivial' question about /root
ASV writes:

> This is a very 'trivial' question but it's bugging me since quite a
> while now so I gotta ask.
>
> There's any reason (and should be a fairly good one) why the /root
> directory permissions by default are set to 755 (for sure on releases
> 8.0/8.1/9.0/9.1)

By default, there's nothing secret in there, so 755 makes sense to me.
Re: A very 'trivial' question about /root
On 06/26/13 15:47, Ayan George wrote:
> ASV:
>> This is a very 'trivial' question but it's bugging me since quite a
>> while now so I gotta ask.
>>
>> There's any reason (and should be a fairly good one) why the /root
>> directory permissions by default are set to 755 (for sure on releases
>> 8.0/8.1/9.0/9.1)
>>
> I imagine / needs those permissions during installation but maybe they
> should be changed to something more desirable at post-install. What
> would you suggest -- maybe 555?
>
> -ayan

Just a mention, I set /root to 700 and haven't seen any issues to date.

r
Re: A very 'trivial' question about /root
ASV:
> This is a very 'trivial' question but it's bugging me since quite a
> while now so I gotta ask.
>
> There's any reason (and should be a fairly good one) why the /root
> directory permissions by default are set to 755 (for sure on releases
> 8.0/8.1/9.0/9.1)
>

I imagine / needs those permissions during installation but maybe they
should be changed to something more desirable at post-install. What
would you suggest -- maybe 555?

-ayan