[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug #57766] Remove group-write permission from ~/.wget-hsts file

From: L A Walsh
Subject: Re: [bug #57766] Remove group-write permission from ~/.wget-hsts file
Date: Sun, 09 Feb 2020 06:54:05 -0800
User-agent: Thunderbird

On 2020/02/07 09:16, Jon Beilke wrote:
Working on improving the security of our Linux systems and one of the
recommendations is to ensure user dot files are not group or world writable
(CIS DIL 6.2.10), but wget generates the .wget-hsts file for users with group
write permissions.
   That's fine for some security setups, but I create each user with
their own group.  I really want to keep group write permissions and want
to get people to realize that having every end-user dictate their idea
of the "correct" security policy for all other systems is a route
to chaos.

   More specifically, I have different login id's on different systems
(like some specific to a host and others to a domain),  but I want them to
have the same access to group-owned files.  Relying on program creators
to implement your desired security policy doesn't seem wise and does
cause disruption to people who don't use your security policy.

   Anyway -- something to think about?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]