Remove root from the kmem, sys, tty, and staff groups in the default configuration. Root privileges override DAC on local file systems and therefore root does not generally need to be a member of a group to access files owned by that group. In the NFS case, require explicit authorization for root to have these privileges. Leave root in operator for dump/restore broadcast reasons; leave root in wheel until discrepancies in the "no users in wheel means any user can su" policy are resolved (possibly indefinitely).
parent
4275e0d98d
commit
975819b705
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=105055