Hi,
About 2 years ago the procps package added protection for hard and soft symlinks. The bug report was 889098 and has seemed to work fine.
There is also now bug #914859 which would extend this same protection for other files, as mentioned in [1]
On the one hand, having all these file types protected by default would be very nice. On the other, it may break things in odd ways though I suspect this is quite rare. A system administrator is, of course, able to set these to whatever they would like, but what should the default be?
My personal preference is to lock them down by default, by setting both to mode 2. However the impact is way more than my handful of systems I use, hence the wider email.
Putting it another way, are there any real strong reasons for not doing this?
- Craig