What is "negative group permissions"? (Re: narawntapu security run output)
Mikhail T.
mi+thun at aldan.algebra.com
Mon Dec 24 14:57:39 UTC 2012
On 23.12.2012 11:48, Chris Rees wrote:
> They involve a lot of thought to get right, as well as chmod g-w on
> something where you probably meant chmod go-w is a disastrous but
> (perhaps) common error.
>
> Chris

Well, in (over 20) years of dealing with Unix, I've never made a mistake
like that, nor do I understand how it can be considered "common"...

Got to admit, I was surprised to see it. It made me think I do not
understand something -- or that FreeBSD is becoming overly
paternalistic. It turned out to be the latter...

I doubt it is useful. Worse, issuing such warnings routinely only
reinforces the unfortunate misconceptions like the one Barney
demonstrated in this thread. When originally added, the check was meant
to be off by default:

r215213 | brooks | 2010-11-12 19:40:43 -0500 (пт, 12 лис 2010) | 7 lines
Add an (off by default) check for negative permissions (where the
group on an object has less permissions than everyone). These
permissions will not work reliably over NFS if you have more than
14 supplemental groups and are usually not what you mean.
MFC after: 1 week

Perhaps it should have remained off?

Yours,
-mi
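
Added example, not part of the original message and not FreeBSD's own periodic script: a POSIX sh check for the condition the quoted commit describes, listing regular files where the group class lacks a read, write or execute bit that everyone else has. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; hypothetical helper names, not code from FreeBSD.
#
# Unix permission checks use the first class that matches: owner, then
# group, then other. A file with mode 0604 therefore denies read access to
# members of its group while granting it to every other user.

find_neg_group_perms() {
    # $1: directory to scan. -xdev keeps the walk on one file system.
    # Each clause reads: group bit NOT set AND the matching other bit set.
    find "$1" -xdev -type f \( \
        \( ! -perm -040 -perm -004 \) -o \
        \( ! -perm -020 -perm -002 \) -o \
        \( ! -perm -010 -perm -001 \) \
    \) -print
}

make_sample_tree() {
    # Constructed sample files; the modes are chosen for illustration.
    d=$(mktemp -d) || return 1
    : > "$d/ok_644";        chmod 0644 "$d/ok_644"        # group r, other r
    : > "$d/ok_660";        chmod 0660 "$d/ok_660"        # other has nothing
    : > "$d/neg_read_604";  chmod 0604 "$d/neg_read_604"  # other r, group none
    : > "$d/neg_write_646"; chmod 0646 "$d/neg_write_646" # other w, group no w
    : > "$d/neg_exec_705";  chmod 0705 "$d/neg_exec_705"  # other x, group no x
    printf '%s\n' "$d"
}

# Run the demo only when asked: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree) && find_neg_group_perms "$tree" && rm -rf "$tree"
fi
```

Pointing `find_neg_group_perms` at a real directory shows which files a routine report of this kind would list, which helps when deciding whether each hit is deliberate or a `chmod g-w` that should have been `chmod go-w`.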