More secure permissions for /root and /etc/sysctl.conf

Garance A Drosehn drosih at rpi.edu
Thu Jan 30 15:31:09 UTC 2020


On 29 Jan 2020, at 4:26, Gordon Bergling via freebsd-hackers wrote:

> Hi,
>
> I recently stumbled upon the default world readable permissions of /root and
> /etc/sysctl.conf. I think that it would be more secure to reduce the default
> permission for /root to 0700 and to 0600 for /etc/sysctl.conf.
>
> I prepared a differential for the proposed change:
> https://reviews.freebsd.org/D23392
>
> What do you think?

I wouldn't change /etc/sysctl.conf.  If others think it should be
changed then I wouldn't object, but I think the permissions are fine
as they are.

I do think that userid root's home directory does not need to be RX
for others, but it seems fine to me if it is RX for group wheel.  If
you can't trust the users who you have added to group 'wheel', then
you've got many other issues to worry about.

On my own machines, I usually do change the permissions of /root to
be 750, although I see that I forgot to do that on the two new
servers that I built just last month!

-- 
Garance Alistair Drosehn                =     drosih at rpi.edu
Lead Developer @rpi                   and    gad at FreeBSD.org
Rensselaer Polytechnic Institute;             Troy, NY;  USA
