
Re: /root/ drwxr-xr-x?

> On Wed, Jul 31, 2002 at 11:39:02PM +0200, Peter Palfrader wrote:
> > On Wed, 31 Jul 2002, Thomas -Balu- Walter wrote:
> >
> > > # ls -lad /root/
> > > drwxr-xr-x    9 root     root         4096 Jul 31 18:25 /root/
> > >
> > > I wonder if /root/ shouldn't be accessible by root only per default?
> > > in which package can I find this one? Should I make a bug-report or
> > > you think this is normal? (It might be some kind of SuSE-remembrance
> > > from earlier days ;)
> >
> > This is not the first time this comes up.
> >
> > short version: /root 755 is no security risk and it won't get changed
> >                either. If you want, set it to 0700 on your box.
> > long version: search the list archives (both -user and -devel will
> >               give some hits I guess).
> >
> IMHO at least it should be noticed somewhere in the installation or
> something. Especially when it used to be 750 and there may be sensible
> data there.
> Regards.

Root files, IMHO, should never be publicly listed. Since anything root
does should be viewed as important and a security risk (making people very
careful in what they do), it makes sense that the files root has, in
general, will also be of high priority, important, and a security risk.

In addition, I see absolutely no advantage in letting the public see the
contents of root's account. I am sure nearly every high-usage or
publicly accessible server has already got /root set to 700 or something
similar for the above reasons.

It follows through that in most cases there is absolutely no reason to let
the public see the contents of /root/ (as mentioned above). Since I
believe in security, and since making /root 700 or similar does not take
away any functionality, I see no reason why it cannot be changed to the
default setting. Does it not make sense to ship Debian with as much safety
and security as possible, especially when it does not reduce or limit

