author | brooks <brooks@FreeBSD.org> | 2010-11-13 00:40:43 +0000 |
---|---|---|
committer | brooks <brooks@FreeBSD.org> | 2010-11-13 00:40:43 +0000 |
commit | 479b7f42883a475385c5a0203d82972be32f2bdb (patch) | |
tree | 1af23fa60f8e4b198022f866236556ba866c040d /share/man/man5/periodic.conf.5 | |
parent | 7b0aabca30b272cae8800569e8681db7f9b58c0d (diff) | |
download | FreeBSD-src-479b7f42883a475385c5a0203d82972be32f2bdb.zip FreeBSD-src-479b7f42883a475385c5a0203d82972be32f2bdb.tar.gz |
Add an (off by default) check for negative permissions (where the
group on an object has less permissions than everyone). These
permissions will not work reliably over NFS if you have more than
14 supplemental groups and are usually not what you mean.
MFC after: 1 week
Diffstat (limited to 'share/man/man5/periodic.conf.5')
-rw-r--r-- | share/man/man5/periodic.conf.5 | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/share/man/man5/periodic.conf.5 b/share/man/man5/periodic.conf.5 index a3775d8..3213615 100644 --- a/share/man/man5/periodic.conf.5 +++ b/share/man/man5/periodic.conf.5 @@ -482,6 +482,14 @@ Set to .Dq Li YES to compare the modes and modification times of setuid executables with the previous day's values. +.It Va daily_status_security_neggrpperm_enable +.Pq Vt bool +Set to +.Dq Li YES +to check for files where the group of a file has less permissions than +the world at large. +When users are in more than 14 supplemental groups these negative +permissions may not be enforced via NFS shares. .It Va daily_status_security_chkmounts_enable .Pq Vt bool Set to |
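Review bot: The new `daily_status_security_neggrpperm_enable` entry says the negative permissions "may not be enforced via NFS shares" but never states what that means for an administrator reading the report. Add one sentence spelling out the consequence of a group restriction that is not applied, so the reason this sits among the security checks is clear from the man page alone. Three smaller points in the same entry: the commit message calls the check off by default, so the entry should state the default value like a reader would expect for an opt-in check; the commit message says "object" while the entry says "files", so clarify whether directories are covered; and "the group of a file has less permissions than the world at large" reads better as "fewer permissions". The diffstat here is limited to the man page, so the script that implements the check is not visible and the documented behaviour cannot be compared against it.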