* Jakub Wilk <jw...@jwilk.net> [241211 19:09]: > * Chris Hofstaedtler <z...@debian.org>, 2024-11-14 20:57: > > As far as I can tell, the default for /dev/tty* is mode 0620, and the > > group owner being tty. No users should be part of that group. > > There's at least nwall, which is setgid tty: > > $ ls -l /usr/bin/nwall > -r-xr-sr-x 1 root tty 17988 Nov 14 21:30 /usr/bin/nwall
I don't quite understand why nwall is relevant here. It is a program that is installed by root. It still does not make a random user be part of the tty group. > > So no, you don't need to remove the +w part from the tty group. > > Yes, you do. systemd could probably change its compiled-in 0620 setting to 0600. CCing systemd@ for that. Chris
