More secure permissions for /root and /etc/sysctl.conf
Rodney W. Grimes
freebsd-rwg at gndrsh.dnsmgr.net
Thu Jan 30 21:19:54 UTC 2020
>
>
> On Wed, 29 Jan 2020, Ryan Stone wrote:
>
> > On Wed, Jan 29, 2020 at 4:26 AM Gordon Bergling via freebsd-hackers
> > <freebsd-hackers at freebsd.org> wrote:
> >>
> >> Hi,
> >>
> >> I recently stumbled upon the default world readable permissons of /root and
> >> /etc/sysctl.conf. I think that it would be more secure to reduce the default
> >> permission for /root to 0700 and to 0600 for /etc/sysctl.conf.
> >
> > I don't see the point in making this change to sysctl.conf. sysctls
> > are readable by any user. Hiding the contents of sysctl.conf does not
> > prevent unprivileged users from seeing what values have been changed
> > from the defaults; it merely makes it more tedious.
> true. but /root should be root only readable
Based on what? What security does this provide to what part of the system?
Why should it not also be group wheel readable?
Why should a member of wheel have to su to ls /root?
--
Rod Grimes rgrimes at freebsd.org
More information about the freebsd-hackers
mailing list