Date: Thu, 30 Jan 2020 10:31:03 -0500
From: "Garance A Drosehn" <drosih@rpi.edu>
To: "Gordon Bergling" <gbergling@googlemail.com>
Cc: freebsd-hackers@freebsd.org
Subject: Re: More secure permissions for /root and /etc/sysctl.conf
Message-ID: <5DBC355C-0F87-4536-B418-A570504D2FD5@rpi.edu>
In-Reply-To: <20200129092631.GA22505@lion.0xfce3.net>
References: <20200129092631.GA22505@lion.0xfce3.net>

On 29 Jan 2020, at 4:26, Gordon Bergling via freebsd-hackers wrote:

> Hi,
>
> I recently stumbled upon the default world readable permissions of
> /root and /etc/sysctl.conf. I think that it would be more secure to
> reduce the default permission for /root to 0700 and to 0600 for
> /etc/sysctl.conf.
>
> I prepared a differential for the proposed change:
> https://reviews.freebsd.org/D23392
>
> What do you think?

I wouldn't change /etc/sysctl.conf. If others think it should be
changed then I wouldn't object, but I think the permissions are fine
as they are.

I do think that userid root's home directory does not need to be RX
for others, but it seems fine to me if it is RX for group wheel. If
you can't trust the users who you have added to group 'wheel', then
you've got many other issues to worry about.

On my own machines, I usually do change the permissions of /root to be
750, although I see that I forgot to do that on the two new servers
that I built just last month!

-- 
Garance Alistair Drosehn = drosih@rpi.edu
Lead Developer @rpi and gad@FreeBSD.org
Rensselaer Polytechnic Institute; Troy, NY; USA
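
Added example, not part of the original message or of FreeBSD: a POSIX shell check for the /root permissions discussed in this thread (no access for others, read/execute only for a trusted group, i.e. mode 0750 or tighter). The function names and the optional group argument, which defaults to wheel, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): check a home directory against the
# "no access for others, r-x only for a trusted group" policy (mode 0750).

# perm_any PATH MODE... -> true if PATH has any of the given permission bits.
# POSIX find -perm is used so the check runs on FreeBSD and GNU userlands alike.
perm_any() {
    _p=$1; shift
    for _m in "$@"; do
        [ -n "$(find "$_p" -prune -perm "-$_m" -print 2>/dev/null)" ] && return 0
    done
    return 1
}

# audit_home PATH [GROUP] -> 0 if acceptable, 1 if too open, 2 if missing.
# GROUP defaults to wheel, the group named in the message (an assumption for
# systems that use a different admin group).
audit_home() {
    _dir=$1; _want=${2:-wheel}
    [ -d "$_dir" ] || { echo "MISSING $_dir"; return 2; }
    if perm_any "$_dir" 001 002 004; then
        echo "OPEN $_dir: others have access"; return 1
    fi
    if perm_any "$_dir" 020; then
        echo "OPEN $_dir: group-writable"; return 1
    fi
    # Owning group is the fourth field of ls -ld output.
    _grp=$(ls -ld "$_dir" | awk '{print $4}')
    if perm_any "$_dir" 010 040 && [ "$_grp" != "$_want" ]; then
        echo "OPEN $_dir: group '$_grp' has access, expected '$_want'"; return 1
    fi
    echo "OK $_dir"
}

# Audit every path given on the command line, e.g.: sh audit.sh /root
for _path in "$@"; do audit_home "$_path"; done
```

A directory at 0700 passes regardless of its owning group, since the group then has no access to it.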