On 12/10/2017 08:10 PM, Ian Zimmerman wrote:
> $ for f in /etc/at/at.deny /etc/cron.hourly/0anacron
> /etc/default/useradd ; do
>   ls -l $f ; qfile $f ;
> done
> -rw-r----- 1 root at 166 Dec 10 16:57 /etc/at/at.deny
> sys-process/at (/etc/at/at.deny)
> -rwxr-x--- 1 root root 392 Nov  4 21:04 /etc/cron.hourly/0anacron
> sys-process/cronie (/etc/cron.hourly/0anacron)
> -rw------- 1 root root 96 Aug 14 10:57 /etc/default/useradd
> sys-apps/shadow (/etc/default/useradd)
> 
> None of these seem sensitive to me, and restricting them like this looks
> like a case of SBO.

I realized that you meant "security by obscurity" after a while, but the
first Google result is "small bowel obstruction" =P

It's probably just the principle of least privilege in play. If no one
other than root needs to read those files, then no one other than root
should be able to read those files. The at.deny and default/useradd
files might be overkill, but I would still rather be safe than sorry.

But for anacron: people are stupid enough to put passwords in there.
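
The following is an added example, not part of the thread or of any package mentioned in it: a small audit that lists cron job files readable by users outside the owner and group, and marks those containing a credential-like assignment. The function name `audit_cron_dir`, the `CRED_PATTERN` heuristic and the default directory list are assumptions made for illustration; `stat -c` assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example: find cron job files that "other" can read and flag the
# ones that appear to embed a credential.

# Constructed heuristic, not an exhaustive rule: matches assignments such as
# DB_PASSWORD=..., api_token: ..., secret = ...
CRED_PATTERN='(passw(or)?d|secret|token)[A-Za-z_]*[[:space:]]*[=:]'

# audit_cron_dir DIR...
# Prints one line per regular file whose other-read bit is set:
#   <octal mode> <path> [CREDENTIAL-LIKE]
# Directories that do not exist are skipped silently.
audit_cron_dir() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -perm -004 selects files with the other-read bit set
        find "$dir" -type f -perm -004 | sort | while IFS= read -r f; do
            mode=$(stat -c '%a' "$f")
            if grep -Eiq "$CRED_PATTERN" "$f"; then
                printf '%s %s CREDENTIAL-LIKE\n' "$mode" "$f"
            else
                printf '%s %s\n' "$mode" "$f"
            fi
        done
    done
}

# When arguments are given, audit those directories,
# e.g.: sh audit.sh /etc/cron.hourly /etc/cron.d
if [ "$#" -gt 0 ]; then
    audit_cron_dir "$@"
fi
```

Run as root, a file that appears in the output with the `CREDENTIAL-LIKE` marker is a candidate for `chmod o-r`, or for moving the secret out of the job file.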
