public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] Why are these files restricted?
@ 2017-12-11  1:10 Ian Zimmerman
  2017-12-14  1:10 ` Michael Orlitzky
  0 siblings, 1 reply; 2+ messages in thread
From: Ian Zimmerman @ 2017-12-11  1:10 UTC
  To: gentoo-user

$ for f in /etc/at/at.deny /etc/cron.hourly/0anacron
/etc/default/useradd ; do
  ls -l $f ; qfile $f ;
done
-rw-r----- 1 root at 166 Dec 10 16:57 /etc/at/at.deny
sys-process/at (/etc/at/at.deny)
-rwxr-x--- 1 root root 392 Nov  4 21:04 /etc/cron.hourly/0anacron
sys-process/cronie (/etc/cron.hourly/0anacron)
-rw------- 1 root root 96 Aug 14 10:57 /etc/default/useradd
sys-apps/shadow (/etc/default/useradd)

None of these seem sensitive to me, and restricting them like this looks
like a case of SBO.  On a Debian system at.deny has similarly restricted
perms; I can't check 0anacron because my Debian system has no such
package installed; and default/useradd has normal 644 mode.

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet, fetch the TXT record for the domain.



* Re: [gentoo-user] Why are these files restricted?
  2017-12-11  1:10 [gentoo-user] Why are these files restricted? Ian Zimmerman
@ 2017-12-14  1:10 ` Michael Orlitzky
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Orlitzky @ 2017-12-14  1:10 UTC
  To: gentoo-user

On 12/10/2017 08:10 PM, Ian Zimmerman wrote:
> $ for f in /etc/at/at.deny /etc/cron.hourly/0anacron
> /etc/default/useradd ; do
>   ls -l $f ; qfile $f ;
> done
> -rw-r----- 1 root at 166 Dec 10 16:57 /etc/at/at.deny
> sys-process/at (/etc/at/at.deny)
> -rwxr-x--- 1 root root 392 Nov  4 21:04 /etc/cron.hourly/0anacron
> sys-process/cronie (/etc/cron.hourly/0anacron)
> -rw------- 1 root root 96 Aug 14 10:57 /etc/default/useradd
> sys-apps/shadow (/etc/default/useradd)
> 
> None of these seem sensitive to me, and restricting them like this looks
> like a case of SBO.

I realized that you meant "security by obscurity" after a while, but the
first Google result is "small bowel obstruction" =P

It's probably just the principle of least privilege in play. If no one
other than root needs to read those files, then no one other than root
should be able to read those files. The at.deny and default/useradd
files might be overkill, but I would still rather be safe than sorry.

But for anacron: people are stupid enough to put passwords in there.
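
The least-privilege point in the reply above, as an added example that is not part of the original thread: a shell check that lists scripts which every local user can read and which contain credential-looking assignments, then drops their "other" permission bits. The pattern, the function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed pattern for credential-looking assignments; tune it for your scripts.
CRED_RE='(pass(word|wd)?|secret|token|api_?key)[[:space:]]*[=:]'

# List regular files under $1 that are readable by "other" and match CRED_RE.
world_readable_secrets() {
    # grep exits 1 when nothing matches; that is a clean result, not an error.
    find "$1" -type f -perm -004 -exec grep -lEi -e "$CRED_RE" {} + || true
}

# Drop all "other" permissions on every flagged file (0755 -> 0750, 0644 -> 0640).
restrict_flagged() {
    world_readable_secrets "$1" | while IFS= read -r f; do
        chmod o-rwx "$f" && printf 'restricted %s\n' "$f"
    done
}

# Constructed sample tree standing in for /etc/cron.hourly; nothing here is real.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\nPASSWORD=example-only\nmysqldump -p"$PASSWORD" db\n' > "$d/backup"
    printf '#!/bin/sh\nexec /usr/sbin/logrotate /etc/logrotate.conf\n' > "$d/rotate"
    printf '#!/bin/sh\nAPI_KEY=example-only\n' > "$d/report"
    chmod 0755 "$d/backup" "$d/rotate"
    chmod 0750 "$d/report"      # already restricted, so it must not be flagged
    printf '%s\n' "$d"
}

sample=$(make_sample)
echo "before:"; world_readable_secrets "$sample"
restrict_flagged "$sample"
echo "after:";  world_readable_secrets "$sample"
ls -l "$sample"
rm -rf "$sample"
```

Pointed at a real directory, `world_readable_secrets /etc/cron.hourly` only reports; `restrict_flagged` is the step that changes modes.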

