On 2019-08-08 15:20 -0400, Marvin Renich wrote:

> This is related to the thread Generating new IDs for cloning, but is
> probably OT for this list.  I guess this is really a question for
> systemd maintainers?  Should I file a bug?


> The man page for machine-id says:
>   This ID uniquely identifies the host. It should be considered
>   "confidential", and must not be exposed in untrusted environments, in
>   particular on the network.
> Why is the file mode 0666?

0644, not 0666.

> Does it need to be non-root readable?

Presumably yes, since applications and services running as non-root will
likely want to access it.

> If so, how can it be prevented from being exposed on the network if
> there is any user access from the network?  Is this really a security
> concern?

No, but it is a privacy concern, since exposing the file over the
network may allow tracking your machine.


