More secure permissions for /root and /etc/sysctl.conf
Miroslav Lachman
000.fbsd at quip.cz
Sun Feb 2 21:03:52 UTC 2020
Rodney W. Grimes wrote on 2020/02/02 19:08:
> [ Charset UTF-8 unsupported, converting... ]
>> Ben Woods wrote on 2020/02/02 02:46:
>>
>> [...]
>>> DragonFlyBSD 5.6.2 = 700
>>> HardenedBSD build 104 = 755
>>> NetBSD 9.0 RC1 = 755
>>> OpenBSD 6.6 = 700
>>>
>>> For what it's worth, I am broadly supportive of this because I see no
>>> reason for /root to be world readable.
>>
>> +1
>>
>> I see no reason for world readable /root too.
>> We always set user's homes to 0700 (subdirs of /usr/home).
>
> Who is "We" in this context?
Our sysadmin team at work.
> FreeBSD's default for home directories is 755.
>
> And as I have stated before anyone who is taking group rx off
> of /root is fooling themselves as that just creates pain for
> members of group wheel who now needlessly need to su to
> see /root's files.
Read it again. 700 for homedirs under /usr/home. I am not talking about
700 for /root, just that I see no reason to world readable /root.
Kind reagards
Miroslav Lachman
More information about the freebsd-hackers
mailing list