Date: Sun, 2 Feb 2020 22:03:46 +0100 From: Miroslav Lachman <000.fbsd@quip.cz> To: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net> Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>, Ben Woods <woodsb02@gmail.com> Subject: Re: More secure permissions for /root and /etc/sysctl.conf Message-ID: <26276f97-e2c5-eeca-5445-45f2ce2b4dec@quip.cz> In-Reply-To: <202002021808.012I8CNm083835@gndrsh.dnsmgr.net> References: <202002021808.012I8CNm083835@gndrsh.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Rodney W. Grimes wrote on 2020/02/02 19:08: > [ Charset UTF-8 unsupported, converting... ] >> Ben Woods wrote on 2020/02/02 02:46: >> >> [...] >>> DragonFlyBSD 5.6.2 = 700 >>> HardenedBSD build 104 = 755 >>> NetBSD 9.0 RC1 = 755 >>> OpenBSD 6.6 = 700 >>> >>> For what it's worth, I am broadly supportive of this because I see no >>> reason for /root to be world readable. >> >> +1 >> >> I see no reason for world readable /root too. >> We always set user's homes to 0700 (subdirs of /usr/home). > > Who is "We" in this context? Our sysadmin team at work. > FreeBSD's default for home directories is 755. > > And as I have stated before anyone who is taking group rx off > of /root is fooling themselves as that just creates pain for > members of group wheel who now needlessly need to su to > see /root's files. Read it again. 700 for homedirs under /usr/home. I am not talking about 700 for /root, just that I see no reason to world readable /root. Kind reagards Miroslav Lachman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?26276f97-e2c5-eeca-5445-45f2ce2b4dec>