Date: Thu, 30 Jan 2020 10:36:04 +0100 (CET) From: Wojciech Puchar <wojtek@puchar.net> To: Ryan Stone <rysto32@gmail.com> Cc: Gordon Bergling <gbergling@googlemail.com>, FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: More secure permissions for /root and /etc/sysctl.conf Message-ID: <alpine.BSF.2.20.2001301035500.32668@puchar.net> In-Reply-To: <CAFMmRNxXManuVe46RyJ=-qwqd0K3VhTgAjzw9Kw_s1TjDJrusQ@mail.gmail.com> References: <20200129092631.GA22505@lion.0xfce3.net> <CAFMmRNxXManuVe46RyJ=-qwqd0K3VhTgAjzw9Kw_s1TjDJrusQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 29 Jan 2020, Ryan Stone wrote: > On Wed, Jan 29, 2020 at 4:26 AM Gordon Bergling via freebsd-hackers > <freebsd-hackers@freebsd.org> wrote: >> >> Hi, >> >> I recently stumbled upon the default world readable permissons of /root and >> /etc/sysctl.conf. I think that it would be more secure to reduce the default >> permission for /root to 0700 and to 0600 for /etc/sysctl.conf. > > I don't see the point in making this change to sysctl.conf. sysctls > are readable by any user. Hiding the contents of sysctl.conf does not > prevent unprivileged users from seeing what values have been changed > from the defaults; it merely makes it more tedious. true. but /root should be root only readable
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.20.2001301035500.32668>