425e52218c
Remove world-readability from the root directory. Sensitive information may be stored in /root and we diverge here from normative administrative practice, as well as installation defaults of other Unix-alikes. The wheel group is still permitted to read the directory. 750 is no more restrictive than defaults for the rest of the open source Unix-alike world. In particular, Ben Woods surveyed DragonFly, NetBSD, OpenBSD, ArchLinux, CentOS, Debian, Fedora, Slackware, and Ubuntu. None have a world-readable /root by default. Submitted by: Gordon Bergling <gbergling AT gmail.com> Reviewed by: ian, myself Discussed with: emaste (informal approval) Relnotes: sure? Differential Revision: https://reviews.freebsd.org/D23392 |
||
---|---|---|
.. | ||
gss | ||
mtree | ||
root | ||
sendmail | ||
group | ||
Makefile | ||
Makefile.depend | ||
master.passwd | ||
shells |