# Installation changes



## 6502 (Thursday at 2:49 PM)

I have 2 questions or recommendations about FreeBSD installer:

1) Why default Home directory permissions are 755 and not 700 or 710? With current default permissions every user can see and read files of other users.

2) Why installer does not include activation/installation of firewall? It can be at final step (or in network settings) and disabled/unchecked by default.


----------



## SirDice (Thursday at 2:53 PM)

1) It's your job as sysadmin to change it if you need too.
2) Again, it's your job as a sysadmin to enable one of the firewalls and configure it correctly.

The installer does nothing more than install a basic system that's workable for most people. It's up to you if you want things differently. You could create a custom install script for example, see bsdinstall(8).


----------



## 6502 (Thursday at 3:03 PM)

1) IMHO it is better to have increased security by default and change it to more "liberal" if necessary.

2) I agree that sysadmin can enable firewall but I guess that most installations have firewall (i.e. activation is question of time, usually one of first steps after install). Some options which currently exist can also be missing and modified by sysadmin after installation.


----------



## SirDice (Thursday at 3:18 PM)

Well, if you want to suggest changes I suggest you do so on the mailing lists. There are very few developers here on the forums. The forum's main purpose is to provide user support by other users.



DutchDaemon said:


> Note that this is a general user and administrator forum, where the community aims to assist those who want to install, run, or upgrade _*FreeBSD as-is*_. Discussions about what FreeBSD _needs to be_, or _needs to add_, or _needs to lose_, are pointless on the forums. We do not maintain the operating system here.


----------



## cracauer@ (Thursday at 3:45 PM)

Firewall shouldn't be needed on a system that runs no TCP or UDP services yet.

I guess the mail agent is the only nagging point here.


----------



## mer (Thursday at 4:49 PM)

Firewalls always seem to be a point of contention.  "I'm running a workstation that is not serving anything, do I need to run a firewall?"  4 out of 5 people say yes you should and 4 out of 5 people say don't bother.  I'm in the "I run a firewall on a workstation in default deny in, default allow out" simply to make it a little harder, while recognizing it takes resources.

I think not installing/activating one by default is a good thing because the installer doesn't know if you want to run ipfw or pf.  So leave that to you.

Home directory permissions:  my opinion only an issue for a single workstation used by multiple people.  If I'm the only one to use it, who cares if root can read my user files.


----------



## Phishfry (Thursday at 4:52 PM)

6502 said:


> Why installer does not include activation/installation of firewall?


Actually 3 firewalls are installed. Does FreeBSD now have a prefered firewall?
Who would chose what the default firewall is?

What about networks with a central firewall. Clients don't need a firewall in that arrangement.


----------



## Erichans (Thursday at 10:57 PM)

6502 said:


> 1) Why default Home directory permissions are 755 and not 700 or 710? With current default permissions every user can see and read files of other users.


I suspect that has something to do with the expected trust and cooperation between users when UNIX was developed. However, if so desired a sysadmin can use `adduser -C` to generate a adduser.conf(5) with customised standard settings for _Home directory permissions_.

Note: the entry `defaultHomePerm` generated for _Home directory permissions_ in /etc/adduser.conf is strangely not listed in adduser.conf(5)


----------



## Alain De Vos (Yesterday at 10:02 AM)

```
chmod 700 /usr/home/*
chmod 700  /root
```


----------

