From owner-freebsd-stable@FreeBSD.ORG Sun Dec 23 16:32:56 2012 Return-Path: Delivered-To: stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 0565D2A6 for ; Sun, 23 Dec 2012 16:32:56 +0000 (UTC) (envelope-from barney@pit.databus.com) Received: from out.smtp-auth.no-ip.com (smtp-auth.no-ip.com [8.23.224.61]) by mx1.freebsd.org (Postfix) with ESMTP id CF5CB8FC0A for ; Sun, 23 Dec 2012 16:32:55 +0000 (UTC) X-No-IP: databus.com@noip-smtp X-Report-Spam-To: abuse@no-ip.com Received: from pit.databus.com (unknown [96.232.165.25]) (Authenticated sender: databus.com@noip-smtp) by smtp-auth.no-ip.com (Postfix) with ESMTPA id 89071400359; Sun, 23 Dec 2012 08:23:34 -0800 (PST) Received: from pit.databus.com (localhost [127.0.0.1]) by pit.databus.com (8.14.5/8.14.5) with ESMTP id qBNGNWF8039375 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sun, 23 Dec 2012 11:23:32 -0500 (EST) (envelope-from barney@pit.databus.com) DKIM-Filter: OpenDKIM Filter v2.7.1 pit.databus.com qBNGNWF8039375 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=databus.com; s=20091218; t=1356279813; bh=bHxfeOIcsyereu3mHGloI4phLcA4u5k+b8We41OZMG8=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=XCn4g22w1trwXjFgcGRLGIJXxkBfI/7Elsy21KetybhJhsEGd7klxbo6h2L+QBW4I dq5O1YE7iYMbfhx0BZTY2bdZXl+a9ijwJKTXnnu8usUxkE1jzwe1RuEZRGwacAIpEN YkQablRZmZbJtG7ItsEQGrgifSJJOqVVc6iXZBZ4= Received: (from barney@localhost) by pit.databus.com (8.14.5/8.14.5/Submit) id qBNGNW7g039374; Sun, 23 Dec 2012 11:23:32 -0500 (EST) (envelope-from barney) Date: Sun, 23 Dec 2012 11:23:32 -0500 From: Barney Wolff To: "Mikhail T." Subject: Re: What is "negative group permissions"? (Re: narawntapu security run output) Message-ID: <20121223162332.GA38788@pit.databus.com> References: <201212230805.qBN850Pj083122@narawntapu.narawntapu> <50D7287C.7020802@aldan.algebra.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <50D7287C.7020802@aldan.algebra.com> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Dec 2012 16:32:56 -0000 The r for other means that you have not accomplished your goal. It makes no sense to have group with less permission that other, so the script is warning of a misconfiguration. On Sun, Dec 23, 2012 at 10:51:24AM -0500, Mikhail T. wrote: > On 23.12.2012 03:05, Charlie Root wrote: > > Checking negative group permissions: > > 8903027 -rw--w-r-- 1 mi www 794277 Oct 23 07:47:45 2007 /home/mi/public_html/syb/order/download.log > Hello! > > The above started to appear in the daily security run output after I > upgraded to 9.1. I don't understand, what this check is doing or why the > above file is reported -- what's abnormal (warning-worthy) about > allowing the web-server to write to, but not read a file? I did it on > purpose to keep all files associated with a project together, but > without inadvertently serving some of them...