From root@blok52.atlantis.bg  Sun Sep  8 05:47:45 2002
Return-Path: <root@blok52.atlantis.bg>
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5C31F37B53A
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  8 Sep 2002 05:47:41 -0700 (PDT)
Received: from blok52.atlantis.bg (blok52.atlantis.bg [193.108.24.226])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 93EB543E72
	for <FreeBSD-gnats-submit@freebsd.org>; Sun,  8 Sep 2002 05:47:40 -0700 (PDT)
	(envelope-from root@blok52.atlantis.bg)
Received: by blok52.atlantis.bg (Postfix, from userid 0)
	id 53DD1AA0E; Sun,  8 Sep 2002 15:47:20 +0300 (EEST)
Message-Id: <20020908124720.53DD1AA0E@blok52.atlantis.bg>
Date: Sun,  8 Sep 2002 15:47:20 +0300 (EEST)
From: Vasil Dimov <vd@etrade.bg>
Reply-To: vd@etrade.bg
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: installworld chmods /root and /mnt to 755
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         42550
>Category:       conf
>Synopsis:       installworld chmods /root and /mnt to 755
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sun Sep 08 05:50:04 PDT 2002
>Closed-Date:    Sun Sep 08 07:40:58 PDT 2002
>Last-Modified:  Sun Sep  8 11:50:01 PDT 2002
>Originator:     Vasil Dimov
>Release:        FreeBSD 4.7-PRERELEASE i386
>Organization:
none
>Environment:
System: FreeBSD polejan.bl-52.studgrad.net 4.7-PRERELEASE FreeBSD 4.7-PRERELEASE #0: Thu Sep 5 21:09:57 EEST 2002 root@polejan.bl-52.studgrad.net:/usr/obj/usr/src/sys/POLEJAN i386
>Description:

As soon as I run `make installworld' i get my /root and /mnt permissions
changed from 700 to 755. So every time after installworld I have to
restore them.

Why is that? Why is every user's home dir normally to be 700 and root's not?
I would like installworld always to do chmod 700, or at least not to
change these perms.

Can I put the desired permissions in some config file?

>How-To-Repeat:
cd /usr/src && make installworld
>Fix:
Of-course some .sh file can be hacked, but after cvsuping changes will be lost.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: roam 
State-Changed-When: Sun Sep 8 07:35:56 PDT 2002 
State-Changed-Why:  
This has been discussed many times, both on the mailing lists 
and in problem reports.  It was most recently discussed in PR i386/42053, 
the audit trail for which is available at 
http://www.FreeBSD.org/cgi/query-pr.cgi?pr=42053 

The general consensus is that 0755 is a sensible set of permissions for 
root's home directory; if there is anything sensitive in there, it may 
be protected by stashing it into a subdirectory instead.  Moreover, the 
permissions may indeed be modified, if you so desire, by editing the 
src/etc/mtree/BSD.root.dist file. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=42550 

From: Giorgos Keramidas <keramida@FreeBSD.org>
To: Vasil Dimov <vd@etrade.bg>
Cc: bug-followup@FreeBSD.org
Subject: Re: conf/42550: installworld chmods /root and /mnt to 755
Date: Sun, 8 Sep 2002 17:24:10 +0300

 In message: <20020908124720.53DD1AA0E@blok52.atlantis.bg>
             Vasil Dimov <vd@etrade.bg> wrote:
 >
 > As soon as I run `make installworld' i get my /root and /mnt permissions
 > changed from 700 to 755. So every time after installworld I have to
 > restore them.
 
 Look at the file /usr/src/etc/mtree/BSD.root.dist.  That's where the
 default permissions for /root and /mnt are kept.  If you want to make
 local changes to files under /usr/src and still be able to use CVSup
 to update them, you can always make a collection of local patches in
 say /root/patches and apply them manually after CVSup'ing with a
 script similar to:
 
 	#!/bin/sh
 
 	cd /root/patches
 	for fname in *.diff ;do
 		cat "${fname}" |\
 		( cd /usr/src ; patch -p0 )
 	done
 	cd /usr/src
 	find . -name \*orig | xargs rm
 
 - Giorgos
>Unformatted:
