# /etc/permissions
#
# Copyright (c) 2001 SuSE GmbH Nuernberg, Germany.  All rights reserved.
#
# Author: Roman Drahtmueller <draht@suse.de>, 2001
#
# This file is used by SuSEconfig and chkstat to check or set the modes
# and ownerships of files and directories in the installation.
#
# There is a set of files with similar meaning in a SuSE installation:
# /etc/permissions  (This file)
# /etc/permissions.easy
# /etc/permissions.secure
# /etc/permissions.paranoid
# /etc/permissions.local
# Please see the respective files for their meaning.
#
#
# Format: 
# <file> <owner>.<group> <permission> 
#
# How it works:
# Change the entries as you like, then call
# `chkstat -set /etc/permissions or /etc/permissions.{easy,secure,paranoid}
# respectively, or call `SuSEconfig as yast and yast2 do after they think
# that files have been modified in the system.
#
# SuSEconfig will use the files /etc/permissions and the ones ending in
# what the variable $PERMISSION_SECURITY from /etc/rc.config contains.
# By default, these are the files /etc/permissions, /etc/permissions.easy
# and /etc/permissions.local for local changes by the admin. In addition,
# the directory /etc/permissions.d/ can contain permission files that 
# belong to the packages they modify file modes for. These permission files
# are to switch between conflicting file modes of the same file paths in
# different packages (popular example: sendmail and postfix, path
# /usr/sbin/sendmail).
#
# SuSEconfig's usage of the chkstat program can be turned off completely
# by setting CHECK_PERMISSIONS to "warn" in /etc/rc.config.
#
# /etc/permissions is kept to the bare minimum. File modes that differ
# from the settings in this file should be considered broken.
#
# Please see the headers of the files
#   /etc/permissions.easy
#   /etc/permissions.secure
#   /etc/permissions.paranoid
# as well as
#   /etc/permissions.local
# for more information about their particular meaning and their setup.

#
# root directories:
#

/                                       root.root        755
/root                                   root.root        700
/tmp                                    root.root       1777
/tmp/.X11-unix                          root.root       1777
/tmp/.ICE-unix                          root.root       1777
/dev                                    root.root        755
/bin                                    root.root        755
/sbin                                   root.root        755
/lib                                    root.root        755
/etc                                    root.root        755
/home                                   root.root        755
/boot                                   root.root        755
/opt                                    root.root        755
/usr                                    root.root        755

#
# /var:
#

/var/tmp                                root.root       1777
/var/tmp/vi.recover                     root.root       1777
/var/preserve/vi.recover                root.root       1777
/var/iptraf                             root.root        700
/var/lock/subsys                        root.root        755
/var/log                                root.root        755
/var/spool                              root.root        755
/var/spool/atjobs                         at.at          700
/var/spool/atspool                        at.at          700
/var/spool/cron                         root.root        700
/var/spool/mqueue                       root.root        700
/var/spool/news                         news.news        775
/var/spool/rwho                         root.root        755
/var/spool/uucp                         uucp.uucp        755
/var/spool/voice                        root.root        755
/var/spool/mail                         root.root       1777
/var/adm                                root.root        755
/var/adm/backup                         root.root        700
/var/adm/tripwire                       root.root        700
/var/cache                              root.root        755
/var/cache/man                           man.root        755
/var/saint                              root.root        750
/var/yp                                 root.root        755


#
# some device files
#

/dev/zero                               root.root        666
/dev/null                               root.root        666
/dev/full                               root.root        622
/dev/ip                                 root.root        660
/dev/initrd                             root.disk        660
/dev/kmem                               root.kmem        640
/usr/local/ftp/dev/null                 root.root        666

#
# mixed
#
/var/spool/atspool                     at.at             700
/var/spool/atjobs/.SEQ                 at.at             600
/var/spool/atjobs/.lockfile            at.at             600
/var/spool/atjobs                      at.at             700
/var/run/sudo                          root.root         700

#
# /etc
#
/etc/lilo.conf                         root.root         600
/etc/passwd                            root.root         644
/etc/passwd-                           root.root         644
/etc/shadow                            root.shadow       640
/etc/shadow-                           root.shadow       640
/etc/init.d                            root.root         755


#
# terminal emulators
# This and future SuSE products have support for the utempter, a small helper
# program that does the utmp/wtmp update work with the necessary rights.
# The use of utempter obsoletes the need for sgid bits on terminal emulator
# binaries. We mention screen here, but all other terminal emulators have
# moved here, with modes set to 0755.
/opt/kde/bin/konsole                    root.root        755
/opt/kde2/bin/konsole                   root.root        755
/opt/kde3/bin/konsole                   root.root        755
/usr/X11R6/bin/xterm                    root.root        755
/usr/X11R6/bin/kterm                    root.root        755
/usr/X11R6/bin/Eterm                    root.root        755
/opt/gnome/bin/gnome-terminal           root.root        755
/usr/X11R6/bin/rxvt                     root.root        755
/usr/X11R6/bin/rxvt.xpm                 root.root        755
/usr/X11R6/bin/wterm                    root.root        755
/usr/X11R6/bin/hanterm                  root.root        755
