Standard file permissions for /usr/local

Jason Hellenthal jhellenthal at dataix.net
Sat Jul 7 23:14:57 UTC 2012


In this whole thread I don't see any relation as to what perms are on what
directory ... which inherently makes the whole point mud.

What is actually trying to be accomplished here?

Given there is no context as to what these are and belong to, the numbers
below with the symbolic meaning are useless besides saying the system is
being populated and things are different.

Also, having a standard for file permissions is nearly irrelevant, with
the exception of specific areas of the filesystem; documents, for example,
can easily be said to need 'a=rX' "/usr/local/share/doc" ... examples
etc.

Blindly going through installed software with a massively large comb
"chmod -R anything=anything" is a bad idea. Packages and ports need to
be singly identified and looked at more closely as to whether they are
doing the right thing.

Do you have anything relevant as to a particular port or package?

On Sat, Jul 07, 2012 at 11:39:24PM +0100, Chris Rees wrote:
> On Jul 7, 2012 11:02 PM, "grarpamp" <grarpamp at gmail.com> wrote:
> >
> > Given a /usr/local populated only by ports (more specifically,
> > packages), we have the following stats...
> >
> > /usr/local
> >
> > 54378 -r--r--r--
> >    1 -r-sr-xr-x
> > 1505 -r-xr-xr-x
> > 21790 -rw-r--r--
> >    9 -rw-rw-r--
> >    1 -rws--x--x
> >    1 -rwsr-x---
> >    1 -rwsr-xr--
> >    4 -rwsr-xr-x
> >    4 -rwxr-sr-x
> > 3515 -rwxr-xr-x
> >    1 drwx------
> > 6064 drwxr-xr-x
> >    1 drwxrwsr-x
> > 1638 lrwxr-xr-x
> >    1 lrwxrwxrwx
> >
> > For /usr, we have...
> >
> > 24907 -r--r--r--
> >    4 -r-sr-sr-x
> >    3 -r-sr-x---
> >   24 -r-sr-xr-x
> >    8 -r-xr-sr-x
> >  786 -r-xr-xr-x
> >    2 -rw-------
> >    8 -rw-r--r--
> >    1 -rwxr-xr-x
> > 1284 drwxr-xr-x
> >    1 drwxrwxrwt
> >  947 lrwxr-xr-x
> >   34 lrwxrwxrwx
> >
> > Am I to, or should I, believe that there is some standard or preference
> > such that files should not have mode u+w?
> >
> > Let's take a look at etc's 'configurables area' too...
> >
> > /usr/local/etc
> >
> >  198 -r--r--r--
> >   19 -r-xr-xr-x
> >   40 -rw-r--r--
> >    1 drwx------
> >   77 drwxr-xr-x
> >   16 lrwxr-xr-x
> >
> > /etc
> >
> >   25 -r--r--r--
> >    1 -r-x------
> >  153 -r-xr-xr-x
> >   20 -rw-------
> >    1 -rw-r-----
> >  121 -rw-r--r--
> >    1 -rw-rw-r--
> >    6 -rwx------
> >   57 -rwxr-xr-x
> >    2 drwx------
> >   25 drwxr-xr-x
> >    3 lrwxr-xr-x
> >    4 lrwxrwxrwx
> >
> > Now see that I have amended my /usr/local perms after install such that
> > root can more easily manage that tree. (I could have just as easily
> > conformed it to u-w).
> >
> > 76179 -rw-r--r--
> >    1 -rwsr-xr-x
> > 5029 -rwxr-xr-x
> > 6066 drwxr-xr-x
> > 1639 lrwxr-xr-x
> >
> > I don't see the point in making things mode u-w?
> > 'Security' cannot be the case, as even setting dirs u-w, schg,
> > capabilities, read-only mount, etc will make no difference... for root,
> > it's only annoying for a moment.
> >
> > What standard / guide am I missing that says u-w is the way (for at least
> > the large majority of the files in the first two counts above)?
> 
> It's pointless having most files u+w, since they won't be edited, but
> soonish I'm told that http://bugs.freebsd.org/157168 should be committed,
> which will make conf files u+w.
> 

-- 

 - (2^(N-1))
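
Added example, not part of the original message or of any FreeBSD tool: one way to produce the mode counts from this thread with the context the reply asks for, grouping them by top-level directory and listing by path the entries that carry setuid/setgid bits or group/world write permission. The names `tally`, `scan` and `report` are hypothetical, and which modes get flagged for individual review is this example's own assumption.

```python
import os
import stat
from collections import Counter, defaultdict

SPECIAL = stat.S_ISUID | stat.S_ISGID          # setuid / setgid bits
LOOSE_WRITE = stat.S_IWGRP | stat.S_IWOTH      # group- or world-writable


def tally(entries):
    """entries: iterable of (path relative to the scanned root, st_mode).

    Returns (histogram, flagged): histogram maps the first path component
    to a Counter of ls-style mode strings; flagged lists (mode, path) for
    entries that deserve an individual look (assumed criteria, see above).
    """
    histogram = defaultdict(Counter)
    flagged = []
    for rel, mode in entries:
        top = rel.split(os.sep, 1)[0]
        text = stat.filemode(mode)
        histogram[top][text] += 1
        # Symlink modes are not enforced, so never flag them.
        if not stat.S_ISLNK(mode) and mode & (SPECIAL | LOOSE_WRITE):
            flagged.append((text, rel))
    return histogram, sorted(flagged)


def scan(root):
    """Yield (relative path, st_mode) for everything below root, using
    lstat so symlinks are reported as links and never followed."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root), os.lstat(full).st_mode


def report(root):
    histogram, flagged = tally(scan(root))
    for top in sorted(histogram):
        print(os.path.join(root, top))
        for text, count in sorted(histogram[top].items()):
            print(f"{count:6d} {text}")
    for text, rel in flagged:
        print(f"review: {text} {os.path.join(root, rel)}")


if __name__ == "__main__":
    import sys
    report(sys.argv[1] if len(sys.argv) > 1 else "/usr/local")
```

The "review:" lines give the paths that can then be traced back to the port or package that installed them, instead of being changed with a recursive chmod.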