On 12/10/2017 08:10 PM, Ian Zimmerman wrote:
> $ for f in /etc/at/at.deny /etc/cron.hourly/0anacron
> /etc/default/useradd ; do
> ls -l $f ; qfile $f ;
> done
> -rw-r----- 1 root at 166 Dec 10 16:57 /etc/at/at.deny
> sys-process/at (/etc/at/at.deny)
> -rwxr-x--- 1 root root 392 Nov 4 21:04 /etc/cron.hourly/0anacron
> sys-process/cronie (/etc/cron.hourly/0anacron)
> -rw------- 1 root root 96 Aug 14 10:57 /etc/default/useradd
> sys-apps/shadow (/etc/default/useradd)
>
> None of these seem sensitive to me, and restricting them like this looks
> like a case of SBO.

I realized that you meant "security by obscurity" after a while, but the
first google result is "small bowel obstruction" =P

It's probably just the principle of least privilege in play. If no one
other than root needs to read those files, then no one other than root
should be able to read those files. The at.deny and default/useradd
files might be overkill, but I would still rather be safe than sorry.

But for anacron: people are stupid enough to put passwords in there.