From the file : n22 ~ # cat /etc/ldap.conf.sudo # See ldap.conf(5) and README.LDAP for details\n" # This file should only be readable by root\n\n" ... But the group read bit is set too : n22 ~ # ll /etc/ldap.conf.sudo -r--r----- 1 root root 274 Jan 15 15:55 /etc/ldap.conf.sudo Reproducible: Always
... the "root" group bit you mean. no one should be in the "root" group.
Well, from the comment I'd expect that "root:root" had to be mentioned instead then. OTOH I do not have too much experiences w/ removing that permission bit in the wild, but I thought it was worth to be pointed to.
4 years old ...