Information
Permissions on the /etc/nginx directory should enforce the principle of least privilege.
Rationale:
This ensures that only users who need access to configuration files are able to view them, thus preventing unauthorized access. Other users will need to use sudo in order to access these files.
Solution
Permissions are set with the ability to read as other by default on all configuration files: -rw-r--r--
Permissions are set with the ability to read and execute as other by default on all directories: drwxr-xr-x
To set permissions to least privilege on the nginx configuration files, issue these commands:
find /etc/nginx -type d -exec chmod go-w {} +
find /etc/nginx -type f -exec chmod ug-x,o-rwx {} +
Default Value:
Permissions are set with the ability to read as other by default on all configuration files: -rw-r--r--
Permissions are set with the ability to read and execute as other by default on all directories: drwxr-xr-x