On 2020/02/07 09:16, Jon Beilke wrote:
Working on improving the security of our Linux systems and one of the recommendations is to ensure user dot files are not group or world writable (CIS DIL 6.2.10), but wget generates the .wget-hsts file for users with group write permissions.
===== That's fine for some security setups, but I create each user with their own group. I really want to keep group write permissions and want to get people to realize that having every end-user dictate their idea of the "correct" security policy for all other systems is a route to chaos.
More specifically, I have different login id's on different systems (like some specific to a host and others to a domain), but I want them to have the same access to group-owned files. Relying on program creators to implement your desired security policy doesn't seem wise and does cause disruption to people who don't use your security policy. Anyway -- something to think about?
