Date: Sun, 2 Feb 2020 09:46:11 +0800 From: Ben Woods <woodsb02@gmail.com> To: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net> Cc: Gordon Bergling <gbergling@googlemail.com>, FreeBSD Hackers <freebsd-hackers@freebsd.org>, Ryan Stone <rysto32@gmail.com>, Wojciech Puchar <wojtek@puchar.net> Subject: Re: More secure permissions for /root and /etc/sysctl.conf Message-ID: <CAOc73CCYfbLvY%2BegqWruGbP86h_jLryTDvFQ6d4F4_RGQ%2BmUxw@mail.gmail.com> In-Reply-To: <202002011904.011J4rBB079499@gndrsh.dnsmgr.net> References: <4584E3BE-F412-4902-AFB9-CAE88D660ED1@googlemail.com> <202002011904.011J4rBB079499@gndrsh.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 2 Feb 2020 at 03:05, Rodney W. Grimes <freebsd-rwg@gndrsh.dnsmgr.net> wrote: > c) The default for home directories in all the BSD's I looked at > are 755. > > d) All distributions I looked at ship /root as 755. This would be > FreeBSD as the odd man out. > I just spun up a few other BSD's to check this, and found the following for /root permissions: DragonFlyBSD 5.6.2 = 700 HardenedBSD build 104 = 755 NetBSD 9.0 RC1 = 755 OpenBSD 6.6 = 700 For what it's worth, I am broadly supportive of this because I see no reason for /root to be world readable. Given this change only affects new installations, I think the "astonishment" can be reduced by including an entry in the release notes. Regards, Ben
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOc73CCYfbLvY%2BegqWruGbP86h_jLryTDvFQ6d4F4_RGQ%2BmUxw>