Do not permit world-readability of /etc/sudoers.d/

Lynis (rightly) complains about this directory and its contents being world-readable on current IPFire installations. Since there is no necessity for this, we might as well chmod them to 750 / 640. Signed-off-by: Peter Müller <peter.mueller@ipfire.org> Reviewed-by: Adolf Belka <adolf.belka@ipfire.org>
2026-05-11 01:38:25 +02:00 · 2022-04-30 10:05:44 +00:00
parent 64567c9423
commit a260900c8d
3 changed files with 7 additions and 3 deletions
--- a/lfs/setup
+++ b/lfs/setup
@@ -58,5 +58,9 @@ $(TARGET) :
 		--with-config-root="$(CONFIG_ROOT)"
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
+
+	# Fix file permissions of /etc/sudoers.d/setup
+	chmod 640 /etc/sudoers.d/setup
+
 	@rm -rf $(DIR_APP)
 	@$(POSTBUILD)