> On Thu, Jun 04, 2020 at 09:19:35AM -0700, Cy Schubert wrote: > > In message <202006041604.054g4kab098...@repo.freebsd.org>, Conrad Meyer > > writes: > > > New Revision: 361791 > > > URL: https://svnweb.freebsd.org/changeset/base/361791 > > > > > > Log: > > > Restrict default /root permissions > > > > > > ... > > > @@ -117,7 +117,7 @@ > > > .. > > > rescue > > > .. > > > - root > > > + root mode=0750 > > > .. > > > > Recent CIS benchmarks recommend 0700.
Can you provide a pointer, I would like to understand how they came to the conclusing that 0700 is more secuire than 0750. I can only think of one situation, in which a member of group wheel does not know the password for root. > > Please, let's keep a reasonable balance between security and usability. > I often visit /root as a regular user (wheel'ed), and 0700 would make > it real PITA. IIRC there is a review and long discussion on this already... > ./danfe -- Rod Grimes rgri...@freebsd.org _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"