misc/95684: /root wrong permissions
Jerry McAllister
jerrymc at clunix.cl.msu.edu
Thu Apr 13 14:27:16 UTC 2006
>
> Jerry McAllister wrote:
. . .
> > The following reply was made to PR misc/95684; it has been noted by GNATS.
> > >
> > >
> > > with standard installation of FBSD 5.4 Released or 6.0 Released from CD-ROM,
> > > you have after install process a wrong permission of /root.
> > > It is 0755, but it should be 0700.
> > > I see this as an Security hole.
> >
> > I was just able to look back as far as FreeBSD 3.2 - as far back as
> > I have anything handy running and they all have "/" set to 755.
> >
> > I don't understand why it should be 0700.
> >
> > If you did that, no person could do an ls or get to directories under
> > root. The 755 setting does not allow group or world to write to root,
> > just get to the necessary things in it.
> >
> >
> I think you misunderstood the problem of the submitter. He meant
> "/root", the home of the root user, not the root filesystem "/".
Ah, you are probably right about that.
It is a little different, but really, 755 is the standard permissions
for a home directory, so is it significant? There is normally nothing
of consequence in the /root directory and probably shouldn't be. Unless
you do something else, it just has a few dot files for shells, etc.
You shouldn't be using the actual 'root' account for logins or much
of anything anyway. When[if] I create a root account, eg another account
with '0' UID, I normally make a directory within /root to be its home
directory and can set its permissions any way I want if I feel the
need. So, I don't see this as any security weakness.
////jerry
>
> Gabor Kovesdan
>
More information about the freebsd-bugs
mailing list