[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug #57766] Remove group-write permission from ~/.wget-hsts file
From: |
L A Walsh |
Subject: |
Re: [bug #57766] Remove group-write permission from ~/.wget-hsts file |
Date: |
Sun, 09 Feb 2020 06:54:05 -0800 |
User-agent: |
Thunderbird |
On 2020/02/07 09:16, Jon Beilke wrote:
Working on improving the security of our Linux systems and one of the
recommendations is to ensure user dot files are not group or world writable
(CIS DIL 6.2.10), but wget generates the .wget-hsts file for users with group
write permissions.
=====
That's fine for some security setups, but I create each user with
their own group. I really want to keep group write permissions and want
to get people to realize that having every end-user dictate their idea
of the "correct" security policy for all other systems is a route
to chaos.
More specifically, I have different login id's on different systems
(like some specific to a host and others to a domain), but I want them to
have the same access to group-owned files. Relying on program creators
to implement your desired security policy doesn't seem wise and does
cause disruption to people who don't use your security policy.
Anyway -- something to think about?