On 23.12.2012 03:05, Charlie Root wrote:
Checking negative group permissions:
  8903027 -rw--w-r--  1 mi    www    794277 Oct 23 07:47:45 2007 

The above started to appear in the daily security run output after I upgraded to 9.1. I don't understand, what this check is doing or why the above file is reported -- what's abnormal (warning-worthy) about allowing the web-server to write to, but not read a file? I did it on purpose to keep all files associated with a project together, but without inadvertently serving some of them...

The actual script generating this warning (110.neggrpperm) was added in 2010 and meant to be off by default. There is no explicit mention of the knob daily_status_security_neggrpperm_enable in the log for etc/defaults/periodic.conf...

I understand, I can explicitly disable it, but I'm curious... Whether it should run by default or not, what is the purpose of it?



freebsd-stable@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Reply via email to