More secure permissions for /root and /etc/sysctl.conf
Rodney W. Grimes
freebsd-rwg at gndrsh.dnsmgr.net
Sun Feb 2 18:08:18 UTC 2020
[ Charset UTF-8 unsupported, converting... ]
> Ben Woods wrote on 2020/02/02 02:46:
>
> [...]
> > DragonFlyBSD 5.6.2 = 700
> > HardenedBSD build 104 = 755
> > NetBSD 9.0 RC1 = 755
> > OpenBSD 6.6 = 700
> >
> > For what it's worth, I am broadly supportive of this because I see no
> > reason for /root to be world readable.
>
> +1
>
> I see no reason for world readable /root too.
> We always set user's homes to 0700 (subdirs of /usr/home).
Who is "We" in this context?
FreeBSD's default for home directories is 755.
And as I have stated before anyone who is taking group rx off
of /root is fooling themselves as that just creates pain for
members of group wheel who now needlessly need to su to
see /root's files.
If you have issues with group wheel being able to read /root
you have far far bigger problems that need addressed than
a simple chmod g-rw /root is going to fix.
--
Rod Grimes rgrimes at freebsd.org
More information about the freebsd-hackers
mailing list