root-path-enforce-permissions

Enforces that directories in root's $PATH are not world or group writable.

Maintainer

Nick Anderson

Module stats

Total Downloads: 504
Updated: Dec 9, 2021

Installation version

Version
Released on Dec 9, 2021

Tags

Installation

                    
cfbs add root-path-enforce-permissions
Description
Dependencies
Discussion

It's unsafe to allow anyone but root to write to root's path. This module ensures that no directory in root's path is writable by the group owner or by others.

Note: This module is opinionated and does not allow the desired permissions for directories in root's path to be customized. It simply ensures that neither group owners nor other users can write to the directories.

https://raw.githubusercontent.com/nickanderson/cfengine-writable-directories-in-root-path/main/root-path-enforce-permissions/changes-enforce-group-other-not-writable.png