Restrict default /root permissions
Remove world-readability from the root directory. Sensitive information may be stored in /root and we diverge here from normative administrative practice, as well as installation defaults of other Unix-alikes. The wheel group is still permitted to read the directory. 750 is no more restrictive than defaults for the rest of the open source Unix-alike world. In particular, Ben Woods surveyed DragonFly, NetBSD, OpenBSD, ArchLinux, CentOS, Debian, Fedora, Slackware, and Ubuntu. None have a world-readable /root by default. Submitted by: Gordon Bergling <gbergling AT gmail.com> Reviewed by: ian, myself Discussed with: emaste (informal approval) Relnotes: sure? Differential Revision: https://reviews.freebsd.org/D23392
This commit is contained in:
Conrad Meyer
parent
8e725dacd2
commit
a35bc248fd
@ -117,7 +117,7 @@
|
|||||||
..
|
..
|
||||||
rescue
|
rescue
|
||||||
..
|
..
|
||||||
root
|
root mode=0750
|
||||||
..
|
..
|
||||||
sbin
|
sbin
|
||||||
..
|
..
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user