A very 'trivial' question about /root
ASV
asv at inhio.eu
Thu Jun 27 19:39:23 UTC 2013
Thanks for your reply Polytropon,
I'm using FreeBSD since few years already and I'm kind of aware of the
"dynamics" related to permissions, many of them are common to many
Unices.
I agree that the installer doesn't put anything secret but as a home dir
for the root user it's highly likely that something not intended to be
publicly readable will end up there soon after the installation.
Which IMHO it's true also for any other user homedir which gets created
by default using a pretty relaxed umask 022, but that seems to be the
default on probably any other UNIX like system I've put my hands on
AFAIR.
Don't get me wrong, since I use FreeBSD I'm just in love with it. Mine
is just a concern about these permission defaults which look to me a bit
too relaxed and cannot find yet a reason why not to restrict it.
After all I believe having good default settings may make the difference
in some circumstances and/or save time.
On Thu, 2013-06-27 at 04:58 +0200, Polytropon wrote:
> On Wed, 26 Jun 2013 23:34:41 +0200, ASV wrote:
> > There's any reason (and should be a fairly good one) why the /root
> > directory permissions by default are set to 755 (for sure on releases
> > 8.0/8.1/9.0/9.1)????
>
> This is the default permission for user directories, as root
> is considered a user in this (special) case, and /root is its
> home directory. The installer does not put anything "secret"
> in there, but _you_ might, so there should be no issue changing
> it to a more restricted access permission.
>
> Hint: When a directory is r-x for "other", then it will be
> indexed by the locate periodic job, so users could use the
> locate command (and also find) to look what's in there. If
> this is not desired, change to rwx/---/---, or rwx/r-x/---
> if you want to allow (trusted) users of the "wheel" group
> to read and execute stuff from that directory (maybe homemade
> admin scripts in /root/bin that should not be "public").
>
> There are few things that touch /root content. System updating
> might be one of them, but as it is typically run as root (and
> even in SUM), restrictive permissions above the default are
> no problem.
>
> To summarize the answer for your question: It's just the default. :-)
>
>
More information about the freebsd-questions
mailing list