passwd & permissions

H. S. security at revolutionsp.com
Wed Mar 23 09:42:02 PST 2005


> On Sun, Mar 20, 2005 at 01:26:57PM -0600, H. S. typed:
>> Hey,
>>
>> I've been using FreeBSD on various servers for a long time now, and there is
>> something that always bothered me. It is related to /etc/passwd and
>> /etc/pwd.db permissions.
>>
>> I have custom (0640) permissions on these files. However, each time a user
>
> Be careful not to get yourself a false sense of security. e.g. if your goal
> is to hide information about your users, there are many other ways
> to get the info without having to open /etc/passwd or /etc/pwd.db
>
> example:
>
> /usr/sbin/pw usershow -a
>
> Ruben
>
>

[????/ttyp0] username:/home/username$ ./pw usershow -a
[????/ttyp0] username:/home/username$

(no output)

Since pw is not setuid, if it can't read any of the passwd files, it will
not print the full userlist. I have very customized (and tested, over the
years) permissions on the whole filesystem. That is why I wanted to find
out why some permissions get back to system defaults whenever I install a
port. The most prominent cases are /usr/local/sbin/ (gets back to rwx rx
rx) and /usr/local/www (rwx rx rx and chgrp wheel, I have a different
group owning the directory).

Any idea about what to fix in order to make the system stop resetting my
permissions when I install ports?

Thanks!
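
One way to catch the resets described in this message, as an added example that is not part of the original post: record the mode, owner and group of the hardened paths before installing a port, then compare afterwards. The function names and the baseline file location are hypothetical; the temporary directory in the demo is constructed and stands in for /usr/local/sbin and /usr/local/www.

```shell
#!/bin/sh
# Added example (not from the original post): detect permission drift on
# hardened paths, e.g. after a port install. All names here are hypothetical.

# Print "mode uid gid" for one path, using numeric ids from ls -ldn.
# The mode is cut to 10 characters so ACL/label suffixes (+, .) are ignored.
perm_of() {
    ls -ldn "$1" 2>/dev/null | awk '{ print substr($1, 1, 10), $3, $4 }'
}

# Print one baseline line "mode uid gid path" per existing path.
perm_snapshot() {
    for p in "$@"; do
        perm=$(perm_of "$p")
        if [ -n "$perm" ]; then
            echo "$perm $p"
        fi
    done
}

# Compare the current state with a baseline file written by perm_snapshot.
# Prints one DRIFT line per changed or missing path; returns 1 on any drift.
perm_drift() {
    drift=0
    while read -r mode uid gid path; do
        now=$(perm_of "$path")
        [ "$now" = "$mode $uid $gid" ] && continue
        echo "DRIFT $path: was '$mode $uid $gid', now '${now:-missing}'"
        drift=1
    done < "$1"
    return "$drift"
}

# Demo on a constructed tree: harden to 0750, simulate a reset to 0755.
perm_demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/sbin" "$tmp/www"
    chmod 750 "$tmp/sbin" "$tmp/www"
    perm_snapshot "$tmp/sbin" "$tmp/www" > "$tmp/baseline"
    chmod 755 "$tmp/www"            # stands in for what the port install did
    perm_drift "$tmp/baseline"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

case "${1:-}" in demo) perm_demo ;; esac
```

On a real system the baseline would be taken as root over the customized paths and kept somewhere unprivileged users cannot write; paths containing whitespace are not handled by the `read` loop.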




More information about the freebsd-hackers mailing list