passwd & permissions
security at revolutionsp.com
Sun Mar 20 13:05:17 PST 2005
#define PERM_INSECURE (S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)
#define PERM_SECURE (S_IRUSR|S_IWUSR)
Thanks, removing S_IROTH worked :-)
While we're at it, what is the cause for the system changing permissions
when I install a port ? (ie /usr/local/sbin and /usr/local/www) As I've
said in my previous mail, changing the mtree/ files to reflect my desired
permissions sounded logical, but either I failed some step or it isn't the
way to go.
> On Sun, Mar 20, 2005 at 01:26:57PM -0600, H. S. wrote:
>> I'm using FreeBSD on various servers for many time now, and there is
>> something that always bothered me. It is related to /etc/passwd and
>> /etc/pwd.db permissions.
>> I have custom (0640) permissions on these files. However, each time a
>> changes his/her password, the system will reset the password file
>> permissions back to the original (rw r r).
> I think these files would be rebuilt by the pwd_mkdb utility. You
> should be able to change it to rebuild the files with different
> permissions. See the PERM_INSECURE and PERM_SECURE constant pwd_mkdb.c.
> (I'm not really sure about the wisdom of making passwd and pwd.db
> have permissions 640, but I guess you know your system best.)
More information about the freebsd-hackers