From e43d1c5135731444c6540e013b9f0223e1a4c907 Mon Sep 17 00:00:00 2001
From: Michiel Broek <mbse@mbse.eu>
Date: Wed, 11 Aug 2004 19:37:30 +0000
Subject: [PATCH] Changed security

---
 ChangeLog          |   2 +
 Makefile           | 239 ++++++++++++---------------------------------
 html/basic.html.in |  58 +++++------
 mbcico/Makefile    |   4 +-
 mbfido/Makefile    |  14 +--
 mbmon/Makefile     |   2 +-
 mbnntp/Makefile    |   2 +-
 mbsebbs/Makefile   |  14 +--
 mbsetup/Makefile   |   2 +-
 mbtask/Makefile    |   2 +-
 script/Makefile    |  70 ++++++-------
 11 files changed, 148 insertions(+), 261 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index e9050069..42e8b565 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,8 @@ v0.61.3		25-Jul-2004
 	general:
 		With the newer versions of dosemu running doors as user finally
 		works. To migrate you need to read doors.html.
+		Changed security of most directories and files to allow only
+		bbs users.
 
 	libmbse.a:
 		Removed the fdn parameter from the attach and un_attach 
diff --git a/Makefile b/Makefile
index 95ea6231..31e3ff81 100644
--- a/Makefile
+++ b/Makefile
@@ -40,189 +40,73 @@ install:
 		@if [ -z ${PREFIX} ] ; then \
 			echo; echo "PREFIX is not set!"; echo; exit 3; \
 		fi
-		@if [ ! -d ${PREFIX}/bin ] ; then \
-			mkdir ${PREFIX}/bin ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/bin ; \
-		fi
-		@if [ ! -d ${PREFIX}/etc ] ; then \
-			mkdir ${PREFIX}/etc ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/etc ; \
-		fi
-		@chmod 0775 ${PREFIX}/etc
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0775 ${PREFIX}
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/bin
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/etc
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/etc/dosemu
 		@if [ -f ${PREFIX}/etc/lastcall.data ] ; then \
 			chmod 0660 ${PREFIX}/etc/lastcall.data ; \
 		fi
 		@if [ -f ${PREFIX}/etc/sysinfo.data ] ; then \
 			chmod 0660 ${PREFIX}/etc/sysinfo.data ; \
 		fi
-		@if [ ! -d ${PREFIX}/share ] ; then \
-			mkdir ${PREFIX}/share ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/share ; \
-		fi
-		@if [ ! -d ${PREFIX}/share/doc ] ; then \
-			mkdir ${PREFIX}/share/doc ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/share/doc ; \
-		fi
-		@if [ ! -d ${PREFIX}/fdb ] ; then \
-			mkdir ${PREFIX}/fdb ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/fdb ; \
-		fi
-		@chmod 0775 ${PREFIX}/fdb
-		@if [ ! -d ${PREFIX}/log ] ; then \
-			mkdir ${PREFIX}/log ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/log ; \
-		fi
-		@chmod 0775 ${PREFIX}/log
-		@if [ ! -d ${PREFIX}/magic ] ; then \
-			mkdir ${PREFIX}/magic ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/magic ; \
-		fi
-		@if [ ! -d ${PREFIX}/sema ] ; then \
-			mkdir ${PREFIX}/sema ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/sema ; \
-		fi
-		@chmod 0777 ${PREFIX}/sema
-		@if [ ! -d ${PREFIX}/var ] ; then \
-			mkdir ${PREFIX}/var ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/var ; \
-		fi
-		@if [ ! -d ${PREFIX}/tmp ] ; then \
-			mkdir ${PREFIX}/tmp ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/tmp ; \
-		fi
-		@chmod 0775 ${PREFIX}/tmp
-		@if [ ! -d ${PREFIX}/dutch ] ; then \
-			mkdir ${PREFIX}/dutch ; \
-			mkdir ${PREFIX}/dutch/txtfiles ; \
-			mkdir ${PREFIX}/dutch/menus ; \
-			mkdir ${PREFIX}/dutch/macro ; \
-			${CHOWN} -R ${OWNER}:${GROUP} ${PREFIX}/dutch ; \
-		fi
-		@chmod 0775 ${PREFIX}/dutch/txtfiles
-		@if [ ! -d ${PREFIX}/english ] ; then \
-			mkdir ${PREFIX}/english ; \
-			mkdir ${PREFIX}/english/txtfiles ; \
-			mkdir ${PREFIX}/english/menus ; \
-			mkdir ${PREFIX}/english/macro ; \
-			${CHOWN} -R ${OWNER}:${GROUP} ${PREFIX}/english ; \
-		fi
-		@chmod 0775 ${PREFIX}/english/txtfiles
-		@if [ ! -d ${PREFIX}/italian ] ; then \
-			mkdir ${PREFIX}/italian ; \
-			mkdir ${PREFIX}/italian/txtfiles ; \
-			mkdir ${PREFIX}/italian/menus ; \
-			mkdir ${PREFIX}/italian/macro ; \
-			${CHOWN} -R ${OWNER}:${GROUP} ${PREFIX}/italian ; \
-		fi
-		@chmod 0775 ${PREFIX}/italian/txtfiles
-		@if [ ! -d ${PREFIX}/spanish ] ; then \
-			mkdir ${PREFIX}/spanish ; \
-			mkdir ${PREFIX}/spanish/txtfiles ; \
-			mkdir ${PREFIX}/spanish/menus ; \
-			mkdir ${PREFIX}/spanish/macro ; \
-			${CHOWN} -R ${OWNER}:${GROUP} ${PREFIX}/spanish ; \
-		fi
-		@chmod 0775 ${PREFIX}/spanish/txtfiles
-		@if [ ! -d ${PREFIX}/galego ] ; then \
-			mkdir ${PREFIX}/galego ; \
-			mkdir ${PREFIX}/galego/txtfiles ; \
-			mkdir ${PREFIX}/galego/menus ; \
-			mkdir ${PREFIX}/galego/macro ; \
-			${CHOWN} -R ${OWNER}:${GROUP} ${PREFIX}/galego ; \
-		fi
-		@chmod 0775 ${PREFIX}/galego/txtfiles
-		@if [ ! -d ${PREFIX}/german ] ; then \
-			mkdir ${PREFIX}/german; \
-			mkdir ${PREFIX}/german/txtfiles ; \
-			mkdir ${PREFIX}/german/menus ; \
-			mkdir ${PREFIX}/german/macro ; \
-			${CHOWN} -R ${OWNER}:${GROUP} ${PREFIX}/german; \
-		fi
-		@chmod 0775 ${PREFIX}/german/txtfiles
-		@if [ ! -d ${PREFIX}/french ] ; then \
-			mkdir ${PREFIX}/french; \
-			mkdir ${PREFIX}/french/txtfiles ; \
-			mkdir ${PREFIX}/french/menus ; \
-			mkdir ${PREFIX}/french/macro ; \
-			${CHOWN} -R ${OWNER}:${GROUP} ${PREFIX}/french; \
-		fi
-		@chmod 0775 ${PREFIX}/french/txtfiles
-		@if [ ! -d ${PREFIX}/ftp ] ; then \
-			mkdir ${PREFIX}/ftp ; \
-			mkdir ${PREFIX}/ftp/pub ; \
-			mkdir ${PREFIX}/ftp/incoming ; \
-			mkdir ${PREFIX}/ftp/pub/local ; \
-			${CHOWN} `id -un`:`id -gn` ${PREFIX}/ftp ; \
-			chmod 0755 ${PREFIX}/ftp ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/ftp/pub ; \
-			chmod 0755 ${PREFIX}/ftp/pub ; \
-			${CHOWN} `id -un`:`id -gn` ${PREFIX}/ftp/incoming ; \
-			chmod 0755 ${PREFIX}/ftp/incoming ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/ftp/pub/local ; \
-			chmod 0755 ${PREFIX}/ftp/pub/local ; \
-		fi
-		@if [ ! -d ${PREFIX}/var/bso ] ; then \
-			mkdir ${PREFIX}/var/nodelist ; \
-			mkdir ${PREFIX}/var/bso ; \
-			mkdir ${PREFIX}/var/bso/outbound ; \
-			mkdir ${PREFIX}/var/queue ; \
-			mkdir ${PREFIX}/var/msgs; \
-			mkdir ${PREFIX}/var/badtic ; \
-			mkdir ${PREFIX}/var/ticqueue ; \
-			mkdir ${PREFIX}/var/mail ; \
-			${CHOWN} -R ${OWNER}:${GROUP} ${PREFIX}/var ; \
-			chmod -R 0750 ${PREFIX}/var ; \
-		fi
-		@chmod 0770 ${PREFIX}/var/msgs
-		@if [ ! -d ${PREFIX}/var/boxes ]; then \
-			mkdir ${PREFIX}/var/boxes ; \
-			${CHOWN}  ${OWNER}:${GROUP} ${PREFIX}/var/boxes ; \
-		fi
-		@chmod 0770 ${PREFIX}/var/boxes
-		@if [ ! -d ${PREFIX}/var/rules ]; then \
-			mkdir ${PREFIX}/var/rules ; \
-			${CHOWN}  ${OWNER}:${GROUP} ${PREFIX}/var/rules ; \
-		fi
-		@if [ ! -d ${PREFIX}/var/run ]; then \
-			mkdir ${PREFIX}/var/run ; \
-			${CHOWN}  ${OWNER}:${GROUP} ${PREFIX}/var/run ; \
-		fi
-		@if [ -d ${PREFIX}/var/inbound/tmp ]; then \
-			rmdir ${PREFIX}/var/inbound/tmp ; \
-			echo "Removed ${PREFIX}/var/inbound/tmp" ; \
-		fi
-		@chmod 0770 ${PREFIX}/var/rules
-		@chmod 0770 ${PREFIX}/var/run
-		@if [ ! -d ${PREFIX}/var/unknown ] ; then \
-			mkdir ${PREFIX}/var/unknown ; \
-			mkdir ${PREFIX}/var/inbound ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/var/unknown ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/var/inbound ; \
-			chmod 0750 ${PREFIX}/var/unknown ; \
-			chmod 0750 ${PREFIX}/var/inbound ; \
-		fi
-		@chmod 0770 ${PREFIX}/var
-		@chmod 0770 ${PREFIX}/var/mail
-		@if [ ! -d ${PREFIX}/var/arealists ] ; then \
-			mkdir ${PREFIX}/var/arealists ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/var/arealists ; \
-			chmod 0750 ${PREFIX}/var/arealists ; \
-		fi
-		@if [ ! -d ${PREFIX}/var/dosemu ]; then \
-			mkdir ${PREFIX}/var/dosemu ; \
-			chmod 0770 ${PREFIX}/var/dosemu ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/var/dosemu ; \
-		fi
-		@if [ ! -d ${PREFIX}/var/dosemu/c ]; then \
-			mkdir ${PREFIX}/var/dosemu/c ; \
-			chmod 0770 ${PREFIX}/var/dosemu/c ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/var/dosemu/c ; \
-		fi
-		@if [ ! -d ${PREFIX}/etc/dosemu ]; then \
-			mkdir ${PREFIX}/etc/dosemu ; \
-			chmod 0750 ${PREFIX}/etc/dosemu ; \
-			${CHOWN} ${OWNER}:${GROUP} ${PREFIX}/etc/dosemu ; \
-		fi
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/share/doc/html
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/share/doc/tags
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/fdb
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/log
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/magic
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0777 ${PREFIX}/sema
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/tmp
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/home
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/dutch
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/dutch/txtfiles
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/dutch/menus
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/dutch/macro
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/english
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/english/txtfiles
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/english/menus
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/english/macro
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/italian
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/italian/txtfiles
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/italian/menus
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/italian/macro
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/spanish
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/spanish/txtfiles
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/spanish/menus
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/spanish/macro
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/galego
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/galego/txtfiles
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/galego/menus
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/galego/macro
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/german
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/german/txtfiles
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/german/menus
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/german/macro
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/french
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/french/txtfiles
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/french/menus
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/french/macro
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/ftp/pub/local
+		${INSTALL} -d -o ${ROWNER} -g ${RGROUP} -m 0750 ${PREFIX}/ftp/incoming
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/var
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/var/arealists
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/var/badtic
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/var/boxes
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/var/bso
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/var/bso/outbound
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/var/boxes
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/var/dosemu
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/var/dosemu/c
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/var/hatch
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/var/inbound
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/var/mail
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/var/msgs
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/var/nodelist
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/var/queue
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/var/rules
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0770 ${PREFIX}/var/run
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/var/ticqueue
+		${INSTALL} -d -o ${OWNER} -g ${GROUP} -m 0750 ${PREFIX}/var/unknown
 		@if [ -x ${BINDIR}/mbtelnetd ]; then \
 			rm ${BINDIR}/mbtelnetd ; \
 			echo "removed ${BINDIR}/mbtelnetd"; \
@@ -232,6 +116,7 @@ install:
 			echo; echo "If there is nothing important in ${PREFIX}/doc" ; \
 			echo "you may remove that obsolete directory." ; \
 		fi
+
 dist tar:	${TARFILE}
 
 clean:
diff --git a/html/basic.html.in b/html/basic.html.in
index a66001da..bd7a85b6 100644
--- a/html/basic.html.in
+++ b/html/basic.html.in
@@ -14,7 +14,7 @@
 </HEAD>
 <BODY>
 <BLOCKQUOTE>
-<div align="right"><h5>Last update 09-Aug-2004</h5></div>
+<div align="right"><h5>Last update 11-Aug-2004</h5></div>
 <div align="center"><h1>MBSE BBS Basic Installation</h1></div>
 
 <h3>Introduction.</h3>
@@ -42,43 +42,43 @@ MBSE BBS is default installed in <b>/opt/mbse</b>. The default filesystem
 layout looks like this:<br>
 <pre>
 /opt/mbse                      0775  Default MBSE_ROOT
-/opt/mbse/bin                  0755  Binaries
-/opt/mbse/dutch/macro          0755  Dutch macro files
-/opt/mbse/dutch/menus          0755  Dutch menu files
-/opt/mbse/dutch/txtfiles       0755  Dutch ANSI files
-/opt/mbse/english/macro        0755  Default english macro files
-/opt/mbse/english/menus        0755  Default english menu files
-/opt/mbse/english/txtfiles     0755  Default english ANSI files
-/opt/mbse/etc                  0775  System configuration files
+/opt/mbse/bin                  0770  Binaries
+/opt/mbse/dutch/macro          0750  Dutch macro files
+/opt/mbse/dutch/menus          0750  Dutch menu files
+/opt/mbse/dutch/txtfiles       0770  Dutch ANSI files
+/opt/mbse/english/macro        0750  Default english macro files
+/opt/mbse/english/menus        0750  Default english menu files
+/opt/mbse/english/txtfiles     0770  Default english ANSI files
+/opt/mbse/etc                  0770  System configuration files
 /opt/mbse/etc/dosemu           0750  DOSemu configuration files
-/opt/mbse/fdb                  0775  Files database
-/opt/mbse/ftp/pub              0775  Default FTP root for download areas.
-/opt/mbse/galego/macro         0755  Galego macro files
-/opt/mbse/galego/menus         0755  Galego menu files
-/opt/mbse/galego/txtfiles      0755  Galego ANSI files
+/opt/mbse/fdb                  0770  Files database
+/opt/mbse/ftp/pub              0755  Default FTP root for download areas.
+/opt/mbse/galego/macro         0750  Galego macro files
+/opt/mbse/galego/menus         0750  Galego menu files
+/opt/mbse/galego/txtfiles      0770  Galego ANSI files
 /opt/mbse/home                 0770  Users homedirectories
 /opt/mbse/home/bbs             0770  Newuser account
 /opt/mbse/html                 0755  HTML documentation
-/opt/mbse/italian/macro        0755  Italian macro files
-/opt/mbse/italian/menus        0755  Italian menu files
-/opt/mbse/italian/txtfiles     0755  Italian ANSI files
-/opt/mbse/log                  0775  MBSE BBS logfiles
-/opt/mbse/magic                0755  Magic filerequest names
+/opt/mbse/italian/macro        0750  Italian macro files
+/opt/mbse/italian/menus        0750  Italian menu files
+/opt/mbse/italian/txtfiles     0770  Italian ANSI files
+/opt/mbse/log                  0770  MBSE BBS logfiles
+/opt/mbse/magic                0750  Magic filerequest names
 /opt/mbse/sema                 0777  Semafore files
-/opt/mbse/share/doc            0755  Generated sitedocs
-/opt/mbse/share/doc/html       0755  Generated html sitedocs
-/opt/mbse/share/doc/tags       0755  Generated area tags
-/opt/mbse/spanish/macro        0755  Spanish macro files
-/opt/mbse/spanish/menus        0755  Spanish menu files
-/opt/mbse/spanish/txtfiles     0755  Spanish ANSI files
-/opt/mbse/tmp                  0775  Temp directory
-/opt/mbse/tmp/arc              0775  Temp archiver directory
+/opt/mbse/share/doc            0750  Generated sitedocs
+/opt/mbse/share/doc/html       0750  Generated html sitedocs
+/opt/mbse/share/doc/tags       0750  Generated area tags
+/opt/mbse/spanish/macro        0750  Spanish macro files
+/opt/mbse/spanish/menus        0750  Spanish menu files
+/opt/mbse/spanish/txtfiles     0770  Spanish ANSI files
+/opt/mbse/tmp                  0770  Temp directory
+/opt/mbse/tmp/arc              0770  Temp archiver directory
 /opt/mbse/var                  0770  Var root
 /opt/mbse/var/arealists        0750  Areamgr arealist files
 /opt/mbse/var/badtic           0750  Bad TIC files
 /opt/mbse/var/boxes            0770  Base for nodes fileboxes
-/opt/mbse/var/bso              0750  Binkley Style Outbound directory
-/opt/mbse/var/bso/outbound     0750  Default outbound for main aka
+/opt/mbse/var/bso              0770  Binkley Style Outbound directory
+/opt/mbse/var/bso/outbound     0770  Default outbound for main aka
 /opt/mbse/var/dosemu           0770  Base for DOS drives
 /opt/mbse/var/dosemu/c         0770  DOS drive C:
 /opt/mbse/var/inbound          0750  Protected inbound directory
diff --git a/mbcico/Makefile b/mbcico/Makefile
index 7b726319..3a148c30 100644
--- a/mbcico/Makefile
+++ b/mbcico/Makefile
@@ -46,8 +46,8 @@ clean:
 		rm -f ${TARGET} *.o *.h~ *.c~ core filelist Makefile.bak
 
 install:	all
-		${INSTALL} -c -s -g ${GROUP} -o ${OWNER} -m 4751 mbcico    ${BINDIR}
-		${INSTALL} -c -s -g ${GROUP} -o ${OWNER} -m 0755 mbout     ${BINDIR}
+		${INSTALL} -c -s -g ${GROUP} -o ${OWNER} -m 4750 mbcico    ${BINDIR}
+		${INSTALL} -c -s -g ${GROUP} -o ${OWNER} -m 0750 mbout     ${BINDIR}
 		@rm -f ${BINDIR}/mbtelind
 		@rm -f ${BINDIR}/mbtelout
 
diff --git a/mbfido/Makefile b/mbfido/Makefile
index d60c2da8..0f45b307 100644
--- a/mbfido/Makefile
+++ b/mbfido/Makefile
@@ -83,13 +83,13 @@ clean:
 		rm -f ${TARGET} *.o *.h~ *.c~ core filelist Makefile.bak
 
 install:	all
-		${INSTALL} -c -s -o ${OWNER} -g ${GROUP} -m 4751 mbfido  ${BINDIR}
-		${INSTALL} -c -s -o ${OWNER} -g ${GROUP} -m 0711 mbseq   ${BINDIR}
-		${INSTALL} -c -s -o ${OWNER} -g ${GROUP} -m 0711 mbaff   ${BINDIR}
-		${INSTALL} -c -s -o ${OWNER} -g ${GROUP} -m 0711 mbindex ${BINDIR}
-		${INSTALL} -c -s -o ${OWNER} -g ${GROUP} -m 0711 mbdiff  ${BINDIR}
-		${INSTALL} -c -s -o ${OWNER} -g ${GROUP} -m 0711 mbfile  ${BINDIR}
-		${INSTALL} -c -s -o ${OWNER} -g ${GROUP} -m 0711 mbmsg   ${BINDIR}
+		${INSTALL} -c -s -o ${OWNER} -g ${GROUP} -m 4750 mbfido  ${BINDIR}
+		${INSTALL} -c -s -o ${OWNER} -g ${GROUP} -m 0750 mbseq   ${BINDIR}
+		${INSTALL} -c -s -o ${OWNER} -g ${GROUP} -m 0700 mbaff   ${BINDIR}
+		${INSTALL} -c -s -o ${OWNER} -g ${GROUP} -m 0700 mbindex ${BINDIR}
+		${INSTALL} -c -s -o ${OWNER} -g ${GROUP} -m 0700 mbdiff  ${BINDIR}
+		${INSTALL} -c -s -o ${OWNER} -g ${GROUP} -m 0700 mbfile  ${BINDIR}
+		${INSTALL} -c -s -o ${OWNER} -g ${GROUP} -m 0700 mbmsg   ${BINDIR}
 		rm -f ${BINDIR}/mbmail
 		${LN_S}  ${BINDIR}/mbfido ${BINDIR}/mbmail
 		rm -f ${BINDIR}/mbnews
diff --git a/mbmon/Makefile b/mbmon/Makefile
index 4d04287c..b3270fd6 100644
--- a/mbmon/Makefile
+++ b/mbmon/Makefile
@@ -25,7 +25,7 @@ clean:
 		rm -f mbmon *.o *.h~ *.c~ core filelist Makefile.bak
 
 install:	all
-		${INSTALL} -c -s -g ${GROUP} -o ${OWNER} -m ${MODE} mbmon   ${BINDIR}
+		${INSTALL} -c -s -g ${GROUP} -o ${OWNER} -m 0700 mbmon   ${BINDIR}
 
 filelist:	Makefile
 		BASE=`pwd`; \
diff --git a/mbnntp/Makefile b/mbnntp/Makefile
index 6a35795a..adddafb8 100644
--- a/mbnntp/Makefile
+++ b/mbnntp/Makefile
@@ -27,7 +27,7 @@ clean:
 		rm -f mbnntp *.o *.h~ *.c~ core filelist Makefile.bak
 
 install:	all
-		${INSTALL} -c -s -g ${GROUP} -o ${OWNER} -m 4751 mbnntp   ${BINDIR}
+		${INSTALL} -c -s -g ${GROUP} -o ${OWNER} -m 4750 mbnntp   ${BINDIR}
 
 filelist:	Makefile
 		BASE=`pwd`; \
diff --git a/mbsebbs/Makefile b/mbsebbs/Makefile
index 3cebd481..8354c458 100644
--- a/mbsebbs/Makefile
+++ b/mbsebbs/Makefile
@@ -80,13 +80,13 @@ install:	all
 		@if [ "`id -un`" != "root" ] ; then \
 			echo; echo " Must be root to install!"; echo; exit 3; \
 		fi
-		${INSTALL} -c -s -o ${OWNER} -g ${GROUP}  -m 0711 mbsebbs   ${BINDIR}
-		${INSTALL} -c -s -o ${OWNER} -g ${GROUP}  -m 6711 mbnewusr  ${BINDIR}
-		${INSTALL} -c -s -o ${OWNER} -g ${GROUP}  -m 0711 mball     ${BINDIR}
-		${INSTALL} -c -s -o ${OWNER} -g ${GROUP}  -m 0711 mblang    ${BINDIR}
-		${INSTALL} -c -s -o ${OWNER} -g ${GROUP}  -m 0711 mbstat    ${BINDIR}
-		${INSTALL} -c -s -o ${OWNER} -g ${GROUP}  -m 0711 mbtoberep ${BINDIR}
-		${INSTALL} -c -s -o ${ROWNER} -g ${RGROUP} -m 6711 mbuser    ${BINDIR}
+		${INSTALL} -c -s -o ${OWNER} -g ${GROUP}  -m 0750 mbsebbs   ${BINDIR}
+		${INSTALL} -c -s -o ${OWNER} -g ${GROUP}  -m 6750 mbnewusr  ${BINDIR}
+		${INSTALL} -c -s -o ${OWNER} -g ${GROUP}  -m 0700 mball     ${BINDIR}
+		${INSTALL} -c -s -o ${OWNER} -g ${GROUP}  -m 0700 mblang    ${BINDIR}
+		${INSTALL} -c -s -o ${OWNER} -g ${GROUP}  -m 0700 mbstat    ${BINDIR}
+		${INSTALL} -c -s -o ${OWNER} -g ${GROUP}  -m 0700 mbtoberep ${BINDIR}
+		${INSTALL} -c -s -o ${ROWNER} -g ${RGROUP} -m 6700 mbuser    ${BINDIR}
 		@rm -f mbchat
 
 filelist:	Makefile
diff --git a/mbsetup/Makefile b/mbsetup/Makefile
index ae1ecb87..1570d90d 100644
--- a/mbsetup/Makefile
+++ b/mbsetup/Makefile
@@ -40,7 +40,7 @@ clean:
 		rm -f mbsetup *.o *.h~ *.c~ core filelist Makefile.bak
 
 install:	all
-		${INSTALL} -c -s -g ${GROUP} -o ${OWNER} -m ${MODE} mbsetup ${BINDIR}
+		${INSTALL} -c -s -g ${GROUP} -o ${OWNER} -m 0700 mbsetup ${BINDIR}
 
 filelist:	Makefile
 		BASE=`pwd`; \
diff --git a/mbtask/Makefile b/mbtask/Makefile
index 4526aa65..6aa06349 100644
--- a/mbtask/Makefile
+++ b/mbtask/Makefile
@@ -33,7 +33,7 @@ install:	all
 		@if [ "`id -un`" != "root" ] ; then \
 			echo; echo " Must be root to install!"; echo; exit 3; \
 		fi
-		${INSTALL} -c -s -o ${ROWNER} -g ${RGROUP} -m 6755 mbtask   ${BINDIR}
+		${INSTALL} -c -s -o ${ROWNER} -g ${RGROUP} -m 6711 mbtask   ${BINDIR}
 		@if [ ! -f ${ETCDIR}/issue ]; then \
 			${INSTALL} -c -o ${OWNER} -g ${GROUP} -m 0644 issue  ${ETCDIR} ; \
 			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP} -m 0644 issue  ${ETCDIR}"; \
diff --git a/script/Makefile b/script/Makefile
index c248effb..f08c584b 100644
--- a/script/Makefile
+++ b/script/Makefile
@@ -20,39 +20,39 @@ install:
 			echo; echo " Must be root to install!"; echo; exit 3; \
 		fi
 		@if [ ! -x ${ETCDIR}/maint ]; then \
-			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0744 maint       ${ETCDIR} ; \
-			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0744 maint       ${ETCDIR}" ; \
+			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 maint       ${ETCDIR} ; \
+			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 maint       ${ETCDIR}" ; \
 		else \
-			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0644 maint       ${ETCDIR}/maint.new ; \
-			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0644 maint       ${ETCDIR}/maint.new" ; \
+			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 maint       ${ETCDIR}/maint.new ; \
+			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 maint       ${ETCDIR}/maint.new" ; \
 		fi
 		@if [ ! -x ${ETCDIR}/midnight ]; then \
-			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0744 midnight    ${ETCDIR} ; \
-			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0744 midnight    ${ETCDIR}" ; \
+			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 midnight    ${ETCDIR} ; \
+			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 midnight    ${ETCDIR}" ; \
 		else \
-			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0644 midnight    ${ETCDIR}/midnight.new ; \
-			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0644 midnight    ${ETCDIR}/midnight.new" ; \
+			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 midnight    ${ETCDIR}/midnight.new ; \
+			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 midnight    ${ETCDIR}/midnight.new" ; \
 		fi
 		@if [ ! -x ${ETCDIR}/weekly ]; then \
-			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0744 weekly      ${ETCDIR} ; \
-			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0744 weekly      ${ETCDIR}" ; \
+			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 weekly      ${ETCDIR} ; \
+			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 weekly      ${ETCDIR}" ; \
 		else \
-			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0644 weekly      ${ETCDIR}/weekly.new ; \
-			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0644 weekly      ${ETCDIR}/weekly.new" ; \
+			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 weekly      ${ETCDIR}/weekly.new ; \
+			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 weekly      ${ETCDIR}/weekly.new" ; \
 		fi
 		@if [ ! -x ${ETCDIR}/monthly ]; then \
-			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0744 monthly     ${ETCDIR} ; \
-			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0744 monthly     ${ETCDIR}" ; \
+			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 monthly     ${ETCDIR} ; \
+			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 monthly     ${ETCDIR}" ; \
 		else \
-			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0644 monthly     ${ETCDIR}/monthly.new ; \
-			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0644 monthly     ${ETCDIR}/monthly.new" ; \
+			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 monthly     ${ETCDIR}/monthly.new ; \
+			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 monthly     ${ETCDIR}/monthly.new" ; \
 		fi
 		@if [ ! -x ${BINDIR}/hatch ]; then \
-			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0744 hatch       ${BINDIR} ; \
-			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0744 hatch       ${BINDIR}" ; \
+			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 hatch       ${BINDIR} ; \
+			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 hatch       ${BINDIR}" ; \
 		else  \
-			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0644 hatch       ${BINDIR}/hatch.new ; \
-			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0644 hatch       ${BINDIR}/hatch/new" ; \
+			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 hatch       ${BINDIR}/hatch.new ; \
+			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0700 hatch       ${BINDIR}/hatch/new" ; \
 		fi
 		@if [ -x ${JOEBIN}/joe ]; then \
 			echo "Installing support for joe editor" ; \
@@ -62,8 +62,8 @@ install:
 			${LN_S} ${JOEBIN}/joe ${JOEBIN}/bbsjoe ; \
 			echo "${LN_S} ${JOEBIN}/joe ${JOEBIN}/bbsjmacs" ; \
 			${LN_S} ${JOEBIN}/joe ${JOEBIN}/bbsjmacs ; \
-			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0755 editor      ${BINDIR} ; \
-			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0755 editor      ${BINDIR}" ; \
+			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0750 editor      ${BINDIR} ; \
+			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0750 editor      ${BINDIR}" ; \
 		fi
 		@if [ -d ${JOELIB} ]; then \
 			${INSTALL} -c -o ${ROWNER} -g ${RGROUP} -m 0644 bbsjoerc    ${JOELIB} ; \
@@ -72,22 +72,22 @@ install:
 			echo "${INSTALL} -c -o ${ROWNER} -g ${RGROUP} -m 0644 bbsjmacsrc  ${JOELIB}" ; \
 		fi
 		@if [ ! -x ${BINDIR}/bbsdoor.sh ]; then \
-			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0755 bbsdoor.sh  ${BINDIR} ; \
-			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0755 bbsdoor.sh  ${BINDIR}" ; \
-			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0755 rundoor.sh  ${BINDIR} ; \
-			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0755 rundoor.sh  ${BINDIR}" ; \
-			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0755 runvirtual.sh  ${BINDIR} ; \
-			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0755 runvirtual.sh  ${BINDIR}" ; \
+			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0750 bbsdoor.sh  ${BINDIR} ; \
+			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0750 bbsdoor.sh  ${BINDIR}" ; \
+			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0750 rundoor.sh  ${BINDIR} ; \
+			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0750 rundoor.sh  ${BINDIR}" ; \
+			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0750 runvirtual.sh  ${BINDIR} ; \
+			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0750 runvirtual.sh  ${BINDIR}" ; \
 		else \
-			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0644 bbsdoor.sh  ${BINDIR}/bbsdoor.sh.new ; \
-			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0644 bbsdoor.sh  ${BINDIR}/bbsdoor.sh.new" ; \
-			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0644 rundoor.sh  ${BINDIR}/rundoor.sh.new ; \
-			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0644 rundoor.sh  ${BINDIR}/rundoor.sh.new" ; \
-			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0644 runvirtual.sh  ${BINDIR}/runvirtual.sh.new ; \
-			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0644 runvirtual.sh  ${BINDIR}/runvirtual.sh.new" ; \
+			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0750 bbsdoor.sh  ${BINDIR}/bbsdoor.sh.new ; \
+			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0750 bbsdoor.sh  ${BINDIR}/bbsdoor.sh.new" ; \
+			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0750 rundoor.sh  ${BINDIR}/rundoor.sh.new ; \
+			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0750 rundoor.sh  ${BINDIR}/rundoor.sh.new" ; \
+			${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0750 runvirtual.sh  ${BINDIR}/runvirtual.sh.new ; \
+			echo "${INSTALL} -c -o ${OWNER} -g ${GROUP}  -m 0750 runvirtual.sh  ${BINDIR}/runvirtual.sh.new" ; \
 		fi
 		${INSTALL}    -o ${OWNER} -g ${GROUP}  -m 0640 doors.bat    ${VARDIR}/dosemu/c
-		${INSTALL}    -o ${OWNER} -g ${GROUP}  -m 0744 mbsedos      ${BINDIR}
+		${INSTALL}    -o ${OWNER} -g ${GROUP}  -m 0700 mbsedos      ${BINDIR}
 		@bash ./installinit.sh
 
 filelist:	Makefile