Re: umask not applied
On 22/12/2011 19:21, Brad Mettee wrote:
> On 12/22/2011 12:58 PM, Bastien Semene wrote:
>> Hi list,
>>
>> I'm trying to apply a umask of 002 to user user (username changed for this example) while logged-in through ftpd. I used login class class (class name changed for this example).
>>
>> I edited /etc/login.conf and set at the bottom (there's no other entry for this user):
>> class::umask=0002:
>> then rebuilt the db:
>> #cap_mkdb /etc/login.conf
>>
>> I assigned the user to this class:
>> #pw usermod user -L class
>> #pw usershow user
>> user:*:1003:80:class:0:0:bla bla:/home/user:/bin/sh
>> (group 80 is why I need this umask)
>>
>> The user still creates folders with 755 permissions through ftpd. So I switched to this user and watched the umask, it is still 0022.
>> I tried setting the umask on the fly:
>> $umask 0002
>> It works.
>>
>> There's no user-defined umask in ~/.login or ~/.login_conf
>> I took care of typos and there is no error.
>>
>> #uname -r
>> 8.2-RELEASE-p3
>>
>> As what I read in the man pages I checked all the possibilities in the login mechanism, so if anyone has an idea it's welcome :)
>>
>> Thanks !
>
> I'm not a pro FreeBSD user, but wouldn't the FTPD program be more responsible for the user's login credentials since that's what they're using that's causing the wrong permissions to be applied? From what I remember, FTPD verifies the user's login, but doesn't actually execute any login scripts associated with that user.

I did not say it explicitly, but when I did a switch user I actually meant a su command from the shell (I deactivated the user's ssh login possibility).

You made me find the point about my use of the su command: I forgot to make a full login using su - user instead of su user ...
So, the login class applies correctly.

In the ftpd(8) manual the -u documentation specifies that login.conf is read:

    The default file creation mode mask is set to umask, which is expected to be an octal numeric value. Refer to umask(2) for details. This option may be overridden by login.conf(5).
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: umask not applied
On 12/22/2011 12:58 PM, Bastien Semene wrote:
> Hi list,
>
> I'm trying to apply a umask of 002 to user user (username changed for this example) while logged-in through ftpd. I used login class class (class name changed for this example).
>
> I edited /etc/login.conf and set at the bottom (there's no other entry for this user):
> class::umask=0002:
> then rebuilt the db:
> #cap_mkdb /etc/login.conf
>
> I assigned the user to this class:
> #pw usermod user -L class
> #pw usershow user
> user:*:1003:80:class:0:0:bla bla:/home/user:/bin/sh
> (group 80 is why I need this umask)
>
> The user still creates folders with 755 permissions through ftpd. So I switched to this user and watched the umask, it is still 0022.
> I tried setting the umask on the fly:
> $umask 0002
> It works.
>
> There's no user-defined umask in ~/.login or ~/.login_conf
> I took care of typos and there is no error.
>
> #uname -r
> 8.2-RELEASE-p3
>
> As what I read in the man pages I checked all the possibilities in the login mechanism, so if anyone has an idea it's welcome :)
>
> Thanks !

I'm not a pro FreeBSD user, but wouldn't the FTPD program be more responsible for the user's login credentials since that's what they're using that's causing the wrong permissions to be applied? From what I remember, FTPD verifies the user's login, but doesn't actually execute any login scripts associated with that user.
Re: umask .ape
On 12/11/10 17:16, xinyou yan wrote:
> 1. In my system umask enter 022 I want to know why i do the commander umask -S it show Improper mask not u=rwx,g=.
> 2. anybody who know how to listen the music like .ape or flac

flac will play with mplayer.
Re: umask .ape
On 12/11/10 17:16, xinyou yan wrote:
> 2. anybody who know how to listen the music like .ape or flac

Any player which uses libavcodec.
Re: umask .ape
On Sat, Dec 11, 2010 at 03:16:56PM +0800, xinyou yan wrote:
> 1. In my system umask enter 022 I want to know why i do the commander umask -S it show Improper mask not u=rwx,g=.
> 2. anybody who know how to listen the music like .ape or flac
>
> thank you

mplayer will actually play anything.

--
Old mercenaries never die. They go to hell and regroup.
With best regards, Mikle Krutov, Bercut ltd. Technical Support department
Re: Umask and Samba
On Tue, 14 Apr 2009 16:31:03 + (GMT), Andy Hiscock andyjhisc...@yahoo.com said:
> Ideally I would like to create mask to be set to generate -rw-rw.
> Is there a way of working what the value should be?

I use this in smb.conf, which allows user/group write and world read:

    force create mode = 0660
    force directory mode = 0775

You might be able to turn world permissions off by using:

    create mask = 0740

or

    security mask = 0770

--
Karl Vogel    I don't speak for the USAF or my company
Drawing on my fine command of language, I said nothing.
Re: umask
On Wed, 16 Feb 2005 16:50:56 +0100 koen de wijs [EMAIL PROTECTED] wrote:
> I have a question about the umask under FreeBSD. I couldn't find what it exactly is. It is something for setting files how you set the 'xrwxrwxrw'. I found a file where you could change it but don't know anymore what it was.
>
> I want to use this for my ftp-server with FreeBSD. I have a directory 'upload' where all my friends can put their files. They are all members of the group 'ftpusers'. But when they put a file in that directory all the other users from the group 'ftpusers' can change or delete this file. I want to change it so that the write bit for the group is off when someone of the ftpusers group writes something in the folder 'upload'.

afair normally you would:
- chmod 1777 your_upload_dir (for anonymous uploads)
- do *any* other permission-settings in the config of the FTP-server you're running
Re: umask
On Thu, Aug 14, 2003 at 03:42:37PM +0200 or thereabouts, Antoine Jacoutot wrote:
> Hi !
>
> In my way to learn security under FreeBSD, I was wondering if a umask of 066 in login.conf was a good or bad idea ?
> Any thoughts ?
> I mean at first, I can't seem to find why this could be wrong, but I'm sure there's a reason why the default umask is set to 022.

066 will be *more* secure than 022. This is because a umask is deducted from the default permission bits of 666 (or 777 for executables) on new files. So a umask of 022 will cause new files to have a mode of 600 or 711.

Here are some good (and not-so-good) umasks, in order of least- to most-secure:

* 000 (666 or 777 -- PLEASE DO NOT USE)
* 022 (644 or 755 -- default)
* 027 (640 or 750 -- pretty good)
* 077 (600 or 700 -- most secure)

Usually people don't do umasks with a 6 because this can leave *only* executable bits on some parts of the mode; this is not very useful.

-- Josh

> Thanks in advance.
>
> --
> Antoine Jacoutot [EMAIL PROTECTED] http://www.lphp.org
> PGP/GnuPG key: http://www.lphp.org/ressources/ajacoutot.asc
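
The umask arithmetic this thread discusses, as an added example that is not part of any of the original messages: the script creates a file and a directory under each umask mentioned on this page and reads the resulting modes back. The function names and the scratch directory template are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the mailing-list messages).

# perms PATH -> octal permission bits; tries GNU stat, then BSD stat.
perms() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# modes_for_umask MASK -> "<file mode> <directory mode>"
# touch requests 0666 and mkdir requests 0777; the kernel clears every
# bit that is set in the umask (mode = requested & ~umask).
# The subshell keeps the umask change away from the calling shell.
modes_for_umask() {
    (
        scratch=$(mktemp -d "${TMPDIR:-/tmp}/umask-demo.XXXXXX") || exit 1
        umask "$1"
        touch "$scratch/file"
        mkdir "$scratch/dir"
        out="$(perms "$scratch/file") $(perms "$scratch/dir")"
        rm -rf "$scratch"
        echo "$out"
    )
}

# report: one line per umask mentioned on this page.
report() {
    for mask in 000 002 022 027 066 077; do
        set -- $(modes_for_umask "$mask")
        note=""
        # A digit of 1 in a directory mode is search (x) only: entries
        # can be reached by name but the directory cannot be listed.
        case $2 in *1*) note="  (x-only bits on directories)" ;; esac
        printf 'umask %s -> files %s, directories %s%s\n' \
            "$mask" "$1" "$2" "$note"
    done
}

report
```

A process inherits its umask from its parent, so the value a login class sets only shows up in sessions that actually go through that login path.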
Re: umask
On Thursday 14 August 2003 20:19, Joshua Oreman wrote:
> 066 will be *more* secure than 022.

I know that :)

> This is because a umask is deducted from the default permission bits of 666 (or 777 for executables) on new files. So a umask of 022 will cause new files to have a mode of 600 or 711.

Yes I know, I was just wondering why the default behaviour was not very secure.

> * 077 (600 or 700 -- most secure)

So, if I set umask to 077, this is OK, right ? Are there ANY cons ?

Thanks a lot for your answer Joshua.

Antoine
Re: umask
On Thu, Aug 14, 2003 at 08:25:15PM +0200 or thereabouts, Antoine Jacoutot wrote:
> On Thursday 14 August 2003 20:19, Joshua Oreman wrote:
>> 066 will be *more* secure than 022.
>
> I know that :)
>
>> This is because a umask is deducted from the default permission bits of 666 (or 777 for executables) on new files. So a umask of 022 will cause new files to have a mode of 600 or 711.
>
> Yes I know, I was just wondering why the default behaviour was not very secure.
>
>> * 077 (600 or 700 -- most secure)
>
> So, if I set umask to 077, this is OK, right ? Are there ANY cons ?

None of the files you create, by default, will be accessible -- at all -- to anyone but yourself. You have to watch out for this if you're running a web/ftp server when you put files in the document root, for example.

> Thanks a lot for your answer Joshua.

No trouble.

-- Josh

> Antoine
Re: umask
On Thursday 14 August 2003 21:12, Jez Hancock wrote:
> Some applications require a less strict umask to install files correctly with the right permissions - quite often you aren't warned about this either and it can be a headache finding out which file perms are incorrect.

Ah, OK... this is kind of a problem indeed.
Well, I don't know what to do anymore :)
Maybe setting an umask of 077 only for /usr/home (using fstab) would be a good start ?
If anyone has any advice about this, please feel free to tell me.

Regards.

--
Antoine Jacoutot [EMAIL PROTECTED] http://www.lphp.org
PGP/GnuPG key: http://www.lphp.org/ressources/ajacoutot.asc
Re: umask
On Thu, Aug 14, 2003 at 09:37:46PM +0200, Antoine Jacoutot wrote:
> On Thursday 14 August 2003 21:12, Jez Hancock wrote:
>> Some applications require a less strict umask to install files correctly with the right permissions - quite often you aren't warned about this either and it can be a headache finding out which file perms are incorrect.
>
> Ah, OK... this is kind of a problem indeed.

Yes I got burnt by setting my root umask to 077 and installing a raft of apps - real nightmare finding out which apps installed perms with dodgy perms.

> Well, I don't know what to do anymore :)
> Maybe setting an umask of 077 only for /usr/home (using fstab) would be a good start ?

The only gotcha there is with httpd access - if you decide to have apache read documentroot folders from under /usr/home then any files your users create in a shell won't be accessible by the www user by default.

In the end I gave up and left the default umask alone, causes more problems than it solves in the 'prevention' vein. umask is perhaps more friendly when considering setting a lower umask to allow for users to create group rwx files by default. I've not used it that much tbh. :)

--
Jez
http://www.munk.nu/
Re: umask
On Thu, Aug 14, 2003 at 08:25:15PM +0200, Antoine Jacoutot wrote:
> On Thursday 14 August 2003 20:19, Joshua Oreman wrote:
>> 066 will be *more* secure than 022.
>
> I know that :)
>
>> This is because a umask is deducted from the default permission bits of 666 (or 777 for executables) on new files. So a umask of 022 will cause new files to have a mode of 600 or 711.
>
> Yes I know, I was just wondering why the default behaviour was not very secure.
>
>> * 077 (600 or 700 -- most secure)
>
> So, if I set umask to 077, this is OK, right ? Are there ANY cons ?

Some applications require a less strict umask to install files correctly with the right permissions - quite often you aren't warned about this either and it can be a headache finding out which file perms are incorrect.

--
Jez
http://www.munk.nu/
Re: umask
On Thursday 14 August 2003 22:46, Jez Hancock wrote:
>> Well, I don't know what to do anymore :)
>> Maybe setting an umask of 077 only for /usr/home (using fstab) would be a good start ?
>
> The only gotcha there is with httpd access - if you decide to have apache read documentroot folders from under /usr/home then any files your users create in a shell won't be accessible by the www user by default.

Well, my users don't have public html files, so this shouldn't be a problem.

Thanks a lot for the feedback.

Antoine