More secure permissions for /root and /etc/sysctl.conf
Cy Schubert
Cy.Schubert at cschubert.com
Mon Feb 3 17:11:07 UTC 2020
On February 2, 2020 10:08:12 AM PST, "Rodney W. Grimes" <freebsd-rwg at gndrsh.dnsmgr.net> wrote:
>[ Charset UTF-8 unsupported, converting... ]
>> Ben Woods wrote on 2020/02/02 02:46:
>>
>> [...]
>> > DragonFlyBSD 5.6.2 = 700
>> > HardenedBSD build 104 = 755
>> > NetBSD 9.0 RC1 = 755
>> > OpenBSD 6.6 = 700
>> >
>> > For what it's worth, I am broadly supportive of this because I see
>no
>> > reason for /root to be world readable.
>>
>> +1
>>
>> I see no reason for world readable /root too.
>> We always set user's homes to 0700 (subdirs of /usr/home).
>
>Who is "We" in this context?
>
>FreeBSD's default for home directories is 755.
>
>And as I have stated before anyone who is taking group rx off
>of /root is fooling themselves as that just creates pain for
>members of group wheel who now needlessly need to su to
>see /root's files.
>
>If you have issues with group wheel being able to read /root
>you have far far bigger problems that need addressed than
>a simple chmod g-rw /root is going to fix.
Agreed.
--
Pardon the typos and autocorrect, small keyboard in use.
Cy Schubert <Cy.Schubert at cschubert.com>
FreeBSD UNIX: <cy at FreeBSD.org> Web: https://www.FreeBSD.org
The need of the many outweighs the greed of the few.
Sent from my Android device with K-9 Mail. Please excuse my brevity.
More information about the freebsd-hackers
mailing list