
Preparing Debian for using capabilities: file ownership.



 It seems that in order to take full advantage of capabilities, files should
not be owned by root. Files should be owned by a non-login user (e.g. bin).

 Currently:

-rwxr-xr-x    1 root     root        42300 jul 29 13:26 /bin/ls*

 It should be:

-rwxr-xr-x    1 bin      bin         42300 jul 29 13:26 /bin/ls*

 That's because root will be just another user, with its set of
capabilities, and you may like to prevent him from altering system files.
 As this is a major change, we'd better start now. This will also help
people who want to implement a capabilities setup before we do...

 Do you like this? Do I send a "formal proposal"?
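
An added example, not part of the original message: a simplified model of the Linux owner/group/other permission check, showing what a uid 0 process stripped of capabilities could still do to /bin/ls under each ownership. It goes beyond the file-only case in the message by also checking the parent directory; the uid/gid 2 for bin and the sample entries are assumptions constructed for illustration.

```python
from collections import namedtuple

# Constructed entries mirroring the two listings in the message (permission bits only).
Entry = namedtuple("Entry", "path uid gid mode")
ROOT, BIN = 0, 2  # assumption: "bin" has uid/gid 2, as in Debian's default passwd/group

def dac_allows(uid, gids, caps, e, want):
    """Simplified Linux DAC check; want is an rwx mask (4=r, 2=w, 1=x)."""
    if "CAP_DAC_OVERRIDE" in caps:      # bypasses write and directory-search checks
        return True
    if uid == e.uid:                    # exactly one class applies: owner, group, other
        bits = e.mode >> 6
    elif e.gid in gids:
        bits = e.mode >> 3
    else:
        bits = e.mode
    return (bits & want) == want

def ways_to_alter(uid, gids, caps, f, parent):
    """Return the ways this process could change file f inside directory parent."""
    ways = []
    if dac_allows(uid, gids, caps, f, 2):
        ways.append("write")            # open the file for writing
    if uid == f.uid or "CAP_FOWNER" in caps:
        ways.append("chmod")            # owner can grant itself write permission
    if dac_allows(uid, gids, caps, parent, 3):
        ways.append("replace")          # unlink/rename needs w+x on the directory
    return ways

ls_now = Entry("/bin/ls", ROOT, ROOT, 0o755)
ls_new = Entry("/bin/ls", BIN, BIN, 0o755)
bin_now = Entry("/bin", ROOT, ROOT, 0o755)
bin_new = Entry("/bin", BIN, BIN, 0o755)

def audit():
    no_caps = (ROOT, {ROOT}, set())     # uid 0 stripped of all capabilities
    return {
        "current": ways_to_alter(*no_caps, ls_now, bin_now),
        "file only": ways_to_alter(*no_caps, ls_new, bin_now),
        "file and dir": ways_to_alter(*no_caps, ls_new, bin_new),
        "with override": ways_to_alter(ROOT, {ROOT}, {"CAP_DAC_OVERRIDE"}, ls_new, bin_new),
    }

if __name__ == "__main__":
    for case, ways in audit().items():
        print(f"{case:14} {ways or 'protected'}")
```

The model ignores ACLs, the sticky bit and immutable flags, and compares against the uid where the kernel uses the filesystem uid.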


