More secure permissions for /root and /etc/sysctl.conf
Wojciech Puchar
wojtek at puchar.net
Thu Jan 30 09:36:10 UTC 2020
On Wed, 29 Jan 2020, Ryan Stone wrote:
> On Wed, Jan 29, 2020 at 4:26 AM Gordon Bergling via freebsd-hackers
> <freebsd-hackers at freebsd.org> wrote:
>>
>> Hi,
>>
>> I recently stumbled upon the default world readable permissons of /root and
>> /etc/sysctl.conf. I think that it would be more secure to reduce the default
>> permission for /root to 0700 and to 0600 for /etc/sysctl.conf.
>
> I don't see the point in making this change to sysctl.conf. sysctls
> are readable by any user. Hiding the contents of sysctl.conf does not
> prevent unprivileged users from seeing what values have been changed
> from the defaults; it merely makes it more tedious.
true. but /root should be root only readable
More information about the freebsd-hackers
mailing list