svn commit: r361791 - head/etc/mtree
Rodney W. Grimes
freebsd at gndrsh.dnsmgr.net
Fri Jun 5 14:03:58 UTC 2020
> On Thu, Jun 04, 2020 at 09:19:35AM -0700, Cy Schubert wrote:
> > In message <202006041604.054G4KAb098395 at repo.freebsd.org>, Conrad Meyer
> > writes:
> > > New Revision: 361791
> > > URL: https://svnweb.freebsd.org/changeset/base/361791
> > >
> > > Log:
> > > Restrict default /root permissions
> > >
> > > ...
> > > @@ -117,7 +117,7 @@
> > > ..
> > > rescue
> > > ..
> > > - root
> > > + root mode=0750
> > > ..
> >
> > Recent CIS benchmarks recommend 0700.
Can you provide a pointer, I would like to understand how they
came to the conclusing that 0700 is more secuire than 0750. I
can only think of one situation, in which a member of group wheel
does not know the password for root.
>
> Please, let's keep a reasonable balance between security and usability.
> I often visit /root as a regular user (wheel'ed), and 0700 would make
> it real PITA.
IIRC there is a review and long discussion on this already...
> ./danfe
--
Rod Grimes rgrimes at freebsd.org
More information about the svn-src-all
mailing list