Path: utzoo!yunexus!ists!helios.physics.utoronto.ca!news-server.csri.toronto.edu!cs.utexas.edu!usc!ucsd!ucbvax!mindcrf.UUCP!karish
From: karish@mindcrf.UUCP
Newsgroups: comp.unix.questions
Subject: Re: How secure is UNIX?
Summary: FTP and permissions
Message-ID: <9005300024.AA18752@mindcrf.mindcraft.com>
Date: 30 May 90 00:24:34 GMT
Article-I.D.: mindcrf.9005300024.AA18752
References: <100928@<1990May23> <9000030@m.cs.uiuc.edu> <1990May28.102235.10021@agate.berkeley.edu> <6365@amelia.nas.nasa.gov> <1990May29.022854.22733@smsc.sony.com>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: Mindcraft, Inc.
Lines: 24

In article montanaro@crdgw1.ge.com (Skip Montanaro) writes:
>Shouldn't the ftp daemon on the receiving end set the file permissions
>pessimistically? On Suns at least, the mode on the receiving end is 666.
>(Ultrix appears to set the mode to 644, which for the current discussion is
>no better than 666.) If the modes are going to be mangled, I'd rather they
>were mangled to 600. The case of ~/.netrc is just one problem. As another
>example, mail files often contain sensitive information (like passwords :-).
>Having them created mode 666 can be just as damaging.

The receiving-end ftp daemon should set file access modes using the
system's default umask.

If a file contains sensitive data, it should be restored into a
directory with secure access modes and kept there until the file's
access modes can be corrected. This is all under the control of the
user.

If you want a more user-friendly utility for this purpose, use 'rcp',
which preserves modes.

--
Chuck Karish karish@mindcraft.com
Mindcraft, Inc. (415) 323-9000
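
The following C example is added here and is not part of the original post. It shows how the umask in effect turns a requested creation mode of 0666 into the 666, 644 or 600 results discussed above, and walks through the reply's workflow of receiving into a mode-700 directory before correcting the file's mode. The function names, the /tmp paths and the assumption that the daemon requests 0666 at creation are illustrative.

```c
/* Added example, not from the original post. Names and paths are constructed. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Create `path` as a receiving daemon is assumed to: request 0666 and let the
 * process umask clear bits. Returns the resulting permission bits, or -1. */
int receive_file(const char *path, mode_t mask)
{
    struct stat st;
    mode_t old = umask(mask);           /* stands in for the daemon's umask */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    umask(old);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0) { close(fd); return -1; }
    close(fd);
    return (int)(st.st_mode & 0777);
}

/* The reply's workflow: receive into a mode-700 directory, then correct the
 * file's mode. Stores the mode before and after the fix; 0 on success. */
int receive_into_private_dir(const char *dir, const char *name, mode_t mask,
                             int *before, int *after)
{
    char path[512];
    struct stat st;
    if (mkdir(dir, 0700) != 0) return -1;   /* refuses a pre-existing dir */
    if (chmod(dir, 0700) != 0) return -1;   /* mkdir's mode is masked too */
    snprintf(path, sizeof path, "%s/%s", dir, name);
    if ((*before = receive_file(path, mask)) < 0) return -1;
    if (chmod(path, 0600) != 0 || stat(path, &st) != 0) return -1;
    *after = (int)(st.st_mode & 0777);
    return 0;
}

int main(void)
{
    char dir[64], p[128];
    int before, after;
    snprintf(dir, sizeof dir, "/tmp/ftp-stage-%ld", (long)getpid());
    if (receive_into_private_dir(dir, "netrc.sample", 000, &before, &after))
        return 1;
    printf("umask 000: %03o on arrival, %03o after chmod\n", before, after);
    snprintf(p, sizeof p, "%s/mail.sample", dir);
    printf("umask 077: %03o on arrival\n", receive_file(p, 077));
    return 0;
}
```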