Re: /root default permisions
On 2004-09-15 11:24, Dick Davies <[EMAIL PROTECTED]> wrote: >* Matthew Seaman <[EMAIL PROTECTED]>: >>On Tue, Sep 14, 2004 at 11:36:59PM +0200, Martin Vana wrote: >>> I installed FBSD 5.3 Beta 3 - Default install, and as a regular user >>> I can 'cat /root/.cshrc' or any other file in admin's directory? >>> is it a bug? >> >> No, that's not wrong. The /root directory should be mode 755, which >> means anyone can chdir to it, or list the contents. > > s/should/is/ > > Is there any reason why it should be like this? It's your responsibility as the owner of the account to ensure that no sensitive information should be stored in /root in world-readable files. Regardless of the permissions of /root as a directory you can chmod any subdirectory or file to whatever you feel suits your needs. Why then would it be a problem that /root has 0755 permissions? - Giorgos ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: /root default permisions
On Wed, Sep 15, 2004 at 11:24:45AM +0100, Dick Davies wrote: > * Matthew Seaman <[EMAIL PROTECTED]> [0956 09:56]: > > On Tue, Sep 14, 2004 at 11:36:59PM +0200, Martin Vana wrote: > > > > > I installed FBSD 5.3 Beta 3 - Default install, and as a regular user > > > I can 'cat /root/.cshrc' or any other file in admin's directory? > > > is it a bug? > > > > No, that's not wrong. The /root directory should be mode 755, which > > means anyone can chdir to it, or list the contents. > > s/should/is/ > > Is there any reason why it should be like this? 'should' in the sense that is the way you should expect sysinstall(8) to leave it on a freshly installed system. There's no general reason for it to be given any more restrictive permissions than that. However you are certainly free to put more[1] restrictive permissions on your /root if you wish. It depends if you put anything in that directory which you don't want other people to read. Cheers, Matthew [1] Or less restrictive if you absolutely really must -- but that would be a rather dumb move. Allowing anyone to write to /root other than the superuser is asking to get bitten by a trojan horse. -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgpQhiJhBetBP.pgp Description: PGP signature
Re: /root default permisions
* Matthew Seaman <[EMAIL PROTECTED]> [0956 09:56]: > On Tue, Sep 14, 2004 at 11:36:59PM +0200, Martin Vana wrote: > > > I installed FBSD 5.3 Beta 3 - Default install, and as a regular user > > I can 'cat /root/.cshrc' or any other file in admin's directory? > > is it a bug? > > No, that's not wrong. The /root directory should be mode 755, which > means anyone can chdir to it, or list the contents. s/should/is/ Is there any reason why it should be like this? -- I have the world's largest collection of seashells. I keep it scattered around the beaches of the world ... Perhaps you've seen it. -- Steven Wright Rasputin :: Jack of All Trades - Master of Nuns pgpryl1p1Gob0.pgp Description: PGP signature
Re: /root default permisions
On Tue, Sep 14, 2004 at 11:36:59PM +0200, Martin Vana wrote: > I installed FBSD 5.3 Beta 3 - Default install, and as a regular user > I can 'cat /root/.cshrc' or any other file in admin's directory? > is it a bug? No, that's not wrong. The /root directory should be mode 755, which means anyone can chdir to it, or list the contents. In a freshly installed system there isn't anything in that directory where disclosure of file contents would be greatly deleterious to security. The important thing is that no-one other than root can *write* to that directory. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK pgpHU0brSzXVB.pgp Description: PGP signature
/root default permisions
Hello, I installed FBSD 5.3 Beta 3 - Default install, and as a regular user I can 'cat /root/.cshrc' or any other file in admin's directory? is it a bug? thank you Martin ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
