Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!news.sprintlink.net!tank.news.pipex.net!pipex!dispatch.news.demon.net!demon!palmer.demon.co.uk!palmer.demon.co.uk!not-for-mail From: gary@palmer.demon.co.uk (Gary Palmer) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: latest snap.... Date: 4 Oct 1995 20:33:09 +0100 Organization: none Lines: 57 Message-ID: <44unhl$3ue@palmer.demon.co.uk> References: <306fe43b@p0.f58.n5100.z2.fidonet.org> NNTP-Posting-Host: pc.my.org X-NNTP-Posting-Host: palmer.demon.co.uk In article <306fe43b@p0.f58.n5100.z2.fidonet.org>, Victor Rotanov <Victor_Rotanov@p0.f58.n5100.z2.fidonet.org> wrote: >7) /mnt directory is rwxr--r-- by default. it should be rwx------. Why? The /mnt directory is NOT used for anything, it's left there for you to use as you see fit. If you want it to be 700, that's a local choice and not something that I for one would advocate putting into the system without good cause. >8) it would be good to warn new freebsd sysadmins to mount dos partitions to >/mnt/dos (for example), not to /dos. Again, why? Because of (7)? To tell you the truth, I don't see how changing the mount point can do anything beneficial, and (in this case) could cause confusion (among those same newbie admin) who are looking for their DOS partitions... Is there some security concern that you are not expressing? >9) It would be good to make /sbin and /usr/sbin rwx------ and all programs from >there that may be executed by users move to somewhere else and symlink to /sbin >and /usr/sbin. Wrong. Sorry. I CANNOT agree with this. If nothing else, (r)dump and (r)restore are in /sbin, and these programs CAN be accessed by non-root users for doing backups. We have a UID (``dumpster'') at Walnut Creek CDROM for doing distributed backups with AMANDA. The dump process is NOT run by root, instead the user that the dump is done by is in the ``operator'' group to allow access to the raw disk devices. Moving the programs into (say) /bin or /usr/bin where the other ``user accessible'' programs live would cause a LARGE ammount of confusion, and also break a LOT of stuff. The permissions on the programs (as installed) and also the code in the programs which do user authentication check should be more than enough. >10) symlinking /var/mail to /var/spool/mail is good for compatibility. Hmm. Perhaps. But most mail programs now know about the existance of /var/mail, and those that don't can be easily patched (and are probably in ports). I'm sorry if it seems that I have come down hard on you, but I don't agree with the points I have replied to, and without reasons why those changes should be made, I don't think many other people will either. And wholesale changes like the suggestion for /sbin & /usr/sbin will probably not be welcomed by the majority of our users who have to go change system maintanence scripts, and large symlink trees are things we like to try and avoid as they just clutter up the system. Yours Gary -- FreeBSD Core Member E-Mail: Gary@Palmer.Demon.co.uk, gpalmer@FreeBSD.org