More secure permissions for /root and /etc/sysctl.conf
Rodney W. Grimes
freebsd-rwg at gndrsh.dnsmgr.net
Fri Jan 31 10:25:38 UTC 2020
> >>> I don't see the point in making this change to sysctl.conf. sysctls
> >>> are readable by any user. Hiding the contents of sysctl.conf does not
> >>> prevent unprivileged users from seeing what values have been changed
> >>> from the defaults; it merely makes it more tedious.
> >> true. but /root should be root only readable
> >
> > Based on what? What security does this provide to what part of the system?
> based on common sense
Whose common sense, as mine and some others say this is an unneeded
change with no technical merit.
You have provided no technical reasons for your requested change,
yet others have presented technical reasons to not make it,
so to try and base a support position on "common sense" is kinda moot.
We actually discussed this at dinner tonight and no one could come up
with a good reason to lock /root down in such a manner unless someone
was storing stuff in /root that should probably not really be stored
there. I.e., there is a bigger problem than chmod 750 /root is going to
fix.
--
Rod Grimes rgrimes at freebsd.org