Kevin Oberman <rkoberman@gmail.com> writes: > It's just that there are cases where negative group permissions are > intended and this is such a case. If you don't want to see them, add > "daily_status_security_neggrpperm_enable="NO" to /etc/periodic.conf. I added a hack to work around this without disabling the check completely. Anything wrong with something of this sort? --- /etc/periodic/security/110.neggrpperm 2014-07-08 14:12:31.000000000 -0400 +++ /usr/src/etc/periodic/security/110.neggrpperm 2014-06-03 19:49:13.000000000 -0400 @@ -37,26 +37,18 @@ security_daily_compat_var security_status_neggrpperm_enable - rc=0 if check_yesno_period security_status_neggrpperm_enable then echo "" echo 'Checking negative group permissions:' - - if [ -z ${security_neggrperm_ignore} ] ; then - echo security_neggrperm_ignore not set - security_neggrperm_ignore="/nonexistent" - fi - MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'` n=$(find -sx $MP /dev/null -type f \ \( \( ! -perm +010 -and -perm +001 \) -or \ \( ! -perm +020 -and -perm +002 \) -or \ \( ! -perm +040 -and -perm +004 \) \) \ - -exec ls -liTd \{\} \+ | grep -v "${security_neggrperm_ignore}" | \ - tee /dev/stderr | wc -l) + -exec ls -liTd \{\} \+ | tee /dev/stderr | wc -l) [ $n -gt 0 ] && rc=1 || rc=0 fi _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org"