More secure permissions for /root and /etc/sysctl.conf
Lars Engels
lme at freebsd.org
Fri Jan 31 16:13:57 UTC 2020
On Fri, Jan 31, 2020 at 02:25:35AM -0800, Rodney W. Grimes wrote:
> > >>> I don't see the point in making this change to sysctl.conf. sysctls
> > >>> are readable by any user. Hiding the contents of sysctl.conf does not
> > >>> prevent unprivileged users from seeing what values have been changed
> > >>> from the defaults; it merely makes it more tedious.
> > >> true. but /root should be root only readable
> > >
> > > Based on what? What security does this provide to what part of the system?
> > based on common sense
>
> Whose common sense, as mine and some others say this is an unneeded
> change with no technical merit.
>
> You have provided no technical reasons for your requested change,
> yet others have presented technical reasons to not make it,
> so to try and base a support position on "common sense" is kinda moot.
>
> We actually discussed this at dinner tonight and no one could come up
> with a good reason to lock /root down in such a manner unless someone
> was storing stuff in /root that should probably not really be stored
> there. I.e., there is a bigger problem than chmod 750 /root is going to
> fix.
/root can store config files and shell history with confidential
information.