On 12/10/2017 08:10 PM, Ian Zimmerman wrote:
> $ for f in /etc/at/at.deny /etc/cron.hourly/0anacron
> /etc/default/useradd ; do
> ls -l $f ; qfile $f ;
> done
> -rw-r----- 1 root at 166 Dec 10 16:57 /etc/at/at.deny
> sys-process/at (/etc/at/at.deny)
> -rwxr-x--- 1 root root 392 Nov 4 21:04 /etc/cron.hourly/0anacron
> sys-process/cronie (/etc/cron.hourly/0anacron)
> -rw------- 1 root root 96 Aug 14 10:57 /etc/default/useradd
> sys-apps/shadow (/etc/default/useradd)
>
> None of these seem sensitive to me, and restricting them like this looks
> like a case of SBO.

I realized that you meant "security by obscurity" after a while, but the first Google result is "small bowel obstruction" =P

It's probably just the principle of least privilege in play. If no one other than root needs to read those files, then no one other than root should be able to read those files. The at.deny and default/useradd files might be overkill, but I would still rather be safe than sorry.

But for anacron: people are stupid enough to put passwords in there.