Subject: Re: /root permissions
To: Wojciech Puchar <wojtek@tensor.3miasto.net>
From: Frederick Bruckman <fredb@immanent.net>
List: netbsd-users
Date: 02/14/2003 15:52:32
On Fri, 14 Feb 2003, Wojciech Puchar wrote:

> > First, are you really trying to hide file's contents, or their names
> > too?
>
> everything.
>
> and i think 700 for /root should be default. If something doesn't need to
> be world accessible, it shouldn't.
> Just my opinion about general system security.
>
> It's similar to deamons that runs on NetBSD by default - almost nothing.
> And it's good so you run those which YOU decide should run, instead of
> thinking what to stop to prevent security holes - like in most linux
> distributions.
>
> similar should be with all permisions in default install.

...and distribute tin-foil hats, to keep the Sputniks out of our
brains.

Seriously, with the *default* distribution, you can get the contents
of "/root"'s directory off of the web, so there's no secrets, and no
security advantage to having the contents world readable. Removing
read permissions where they're harmless has a big disadvantage, in
that it encourages people to be "root" when they need not be.

Frederick