Re: Bug#72327: boot-floppies: doesn't install .bash_logout for root (fwd)

[Josip Rodin <joy@cibalia.gkvk.hr>]

On Thu, Sep 28, 2000 at 02:17:03PM +0200, Santiago Vila wrote:
> > >  > $ tar ztvf base2_2.tgz | awk '$6 == "./root/" '
> > >  > drwxr-xr-x root/root         0 2000-07-05 19:47:09 ./root/
> > > 
> > > maybe this changed. At least a have some slink boxes where 700 was the
> > > default.
> > 
> > Indeed, this changed, and that's not good. Why was this gratuitous change
> > made?
> 
> /root has always been 755.

I haven't seen any of those. All slink installs had it 700, which I
considered to be a sane default.

Anyway, history doesn't really matter with these kind of security issues --
sendmail had loads and loads of root exploits during the last decade, it
doesn't mean it should have them today.

> Some time ago I asked about this and 755 was considered to be good enough
> for /root, see the archives.

Which list?

> Anyway, the root account does not differ so much from an ordinary user
> account, because the admin is usually supposed to do "su" from an
> unprivileged account.

What people should do and what people will do is usually very different.
Besides, what does that have to do with file/directory permissions? Su'ed,
sudo'ed or logged in, admin is supposed to use his home directory for
storing something, otherwise it wouldn't be there.

-- 
Digital Electronic Being Intended for Assassination and Nullification