From 93cbc9ca12043a13a2a80087a00012e009216f13 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Wed, 13 Jul 2022 23:47:31 +0200 Subject: base-filesystem: pick more conservative access mode for /root/ MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's not allow anyone to look into /root/ if we create it via the base-filesystem logic. i.e. change 0755 → 0750 as default access mode for /root/, in case we create it if it happens to be missing. --- src/shared/base-filesystem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/shared/base-filesystem.c') diff --git a/src/shared/base-filesystem.c b/src/shared/base-filesystem.c index 6dacc1d20a..cd8ea49319 100644 --- a/src/shared/base-filesystem.c +++ b/src/shared/base-filesystem.c @@ -31,7 +31,7 @@ typedef struct BaseFilesystem { static const BaseFilesystem table[] = { { "bin", 0, "usr/bin\0", NULL }, { "lib", 0, "usr/lib\0", NULL }, - { "root", 0755, NULL, NULL, true }, + { "root", 0750, NULL, NULL, true }, { "sbin", 0, "usr/sbin\0", NULL }, { "usr", 0755, NULL, NULL }, { "var", 0755, NULL, NULL }, -- cgit v1.2.3