misc/95684: /root wrong permissions

Jerry McAllister jerrymc at clunix.cl.msu.edu
Thu Apr 13 14:27:16 UTC 2006

> Jerry McAllister wrote:

 . . .

> > The following reply was made to PR misc/95684; it has been noted by GNATS.
> >  > 
> >  > 
> >  > with standard installation of FBSD 5.4 Released or 6.0 Released from CD-ROM,
> >  > you have after install process a wrong permission of /root.
> >  > It is 0755, but it should be 0700.
> >  > I see this as an Security hole.
> >  
> >  I was just able to look back as far as FreeBSD 3.2 - as far back as 
> >  I have anything handy running and they all have "/" set to 755.
> >  
> >  I don't understand why it should be 0700. 
> >  
> >  If you did that, no person could do an ls or get to directories under
> >  root.   The 755 setting does not allow group or world to write to root,
> >  just get to the necessary things in it.
> >  
> >  
> I think you misunderstood the problem of the submitter. He meant 
> "/root", the home of the root user, not the root filesystem "/".

Ah, you are probably right about that.

It is a little different, but really, 755 is the standard permissions 
for a home directory, so is it significant?   There is normally nothing
of consequence in the /root directory and probably shouldn't be.  Unless
you do something else, it just has a few dot files for shells, etc.

You shouldn't be using the actual 'root' account for logins or much
of anything anyway.   When[if] I create a root account, eg another account
with '0' UID, I normally make a directory within /root to be its home
directory and can set its permissions any way I want if I feel the
need.   So, I don't see this as any security weakness.


> Gabor Kovesdan

More information about the freebsd-bugs mailing list