Date: Sun, 2 Feb 2020 10:08:12 -0800 (PST) From: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net> To: Miroslav Lachman <000.fbsd@quip.cz> Cc: Ben Woods <woodsb02@gmail.com>, "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>, FreeBSD Hackers <freebsd-hackers@freebsd.org>, Gordon Bergling <gbergling@googlemail.com>, Ryan Stone <rysto32@gmail.com>, Wojciech Puchar <wojtek@puchar.net> Subject: Re: More secure permissions for /root and /etc/sysctl.conf Message-ID: <202002021808.012I8CNm083835@gndrsh.dnsmgr.net> In-Reply-To: <616e8222-a377-fdf0-bf55-79e73a509065@quip.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
[ Charset UTF-8 unsupported, converting... ] > Ben Woods wrote on 2020/02/02 02:46: > > [...] > > DragonFlyBSD 5.6.2 = 700 > > HardenedBSD build 104 = 755 > > NetBSD 9.0 RC1 = 755 > > OpenBSD 6.6 = 700 > > > > For what it's worth, I am broadly supportive of this because I see no > > reason for /root to be world readable. > > +1 > > I see no reason for world readable /root too. > We always set user's homes to 0700 (subdirs of /usr/home). Who is "We" in this context? FreeBSD's default for home directories is 755. And as I have stated before anyone who is taking group rx off of /root is fooling themselves as that just creates pain for members of group wheel who now needlessly need to su to see /root's files. If you have issues with group wheel being able to read /root you have far far bigger problems that need addressed than a simple chmod g-rw /root is going to fix. -- Rod Grimes rgrimes@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202002021808.012I8CNm083835>