* Bastian Blank (waldi@debian.org) wrote: > > Is there some reason you can't have implement your personally preferred > > policy of root.root 600 on just your own system? Is there some reason > > for projecting your personal policies incompletely onto an arbitrary > > subset of debian's users? > > Hu? 10 people are an arbitrary subset? I expect it's more than 10. I know that I'm one of the folks following along here and trying to understand why you can't manage to do what every other block-device-creating maintainer does. > I never said, that they should run as root. [...] > Many tools have additional checks to never do anything as root. Now you > have just another user with the same rights. You're contradicting yourself here. Disk block devices have a specific, standard permission setup in Debian. Packages which create disk block devices need to follow this standard. There really isn't anything else to discuss. I don't particularly care that you don't like amanda, you're wrong to think that making it be 600 is any more secure by default, no one seems to be jumping to bolster your claims, and depending on a check to make sure one isn't running as root to enforce security sounds like a rather serious problem to begin with. Consider that there are *many* other users whom it would be bad to run as mistakenly (someone in the shadow group? Or the Postgres group on your primary database server?). Thanks, Stephen
Attachment:
signature.asc
Description: Digital signature