passwd & permissions

H. S. security at revolutionsp.com
Sun Mar 20 11:27:42 PST 2005


Hey,

I've been using FreeBSD on various servers for a long time now, and there is
something that always bothered me. It is related to /etc/passwd and
/etc/pwd.db permissions.

I have custom (0640) permissions on these files. However, each time a user
changes his/her password, the system will reset the password file
permissions back to the original (rw r r). I'm not much of a programmer,
but I tried to change the passwd.c source to do an execl() at the end of the
file (calling chmod). After trying it, the permissions were reset anyway,
so I added a perror("execl") and it says permission denied. Should be
because passwd dropped privileges at that part of the program. I've
thought about a cron job to fix the permissions every X minutes, but I'd
like a more "clean" option to this.

Where in the system can I change the permission-reset behaviour? This
also happens, for example, with /usr/local/sbin/ (rwx rx x are my
permissions) after I upgrade any port, it will be rwx rx rx, and
/usr/local/www too.

I've edited the mtree/ files as it sounded like a good lead, but the
behaviour remains.

What should I do?

Thanks.



More information about the freebsd-hackers mailing list