
Re: possible security flaw in screen 3.9.5-9



On Sat, Sep 09, 2000 at 12:00:19AM +1100, CaT wrote:
> After installing this utility (which has to be amongst my very
> favourite) I noticed something interesting in the way it behaves.
> Basically, screen does what I first thought of when compiling it
> for myself, which is to put its pipes in /var/run/screen.
> 
> What screen does there is to create subdirs which are then used
> to hold a user's pipes. Now these subdirs are owned by the user
> that runs screen. The hassle with this is that it gives the user
> a. a possible way around quotas set on /home b. a method of fully
> filling up /var, thereby potentially causing log entries to be
> lost which, in turn, gives the user a nice, untraceable way of then
> doing naughty things without those naughty things getting logged.
> Said user can then rm the large file they created and no one would
> be any the wiser.

users have write permission to /var unless you really make a lot of
changes, on my system i have:

/var/lock
/var/tmp ## for me this is a sep partition
/var/lib/texmf/*
/var/mail/user

if you're worried about users messing with /var put quotas on /var. 

> As such I reckon it's best if the screen directory is left in
> /tmp where the authors initially put it. It's inconvenient but
> doesn't cause the problems above.

more headaches for /tmp cleaners and it does not solve any of the
above problems.  to solve the above problems enforce quotas on /var
(which can be much smaller than /home quotas, say 5 or 10 MB) that is
what i do.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
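
The following is an added example, not part of the original message: a small audit that lists the directories under a tree (such as /var) where a non-root user can create files, so an administrator can see which filesystems need quotas. The function name and the output labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find directories under a tree
# where a non-root user can create files, i.e. where that user can
# consume space on the filesystem holding the tree.

# audit_writable ROOT
# Prints one "<reason> <path>" line per finding. -xdev keeps find on
# ROOT's own filesystem, since quotas are set per filesystem.
audit_writable() {
    root=$1
    # World-writable with the sticky bit set (as /var/tmp usually is).
    find "$root" -xdev -type d -perm -0002 -perm -1000 \
        -exec printf 'world-writable+sticky %s\n' {} \;
    # World-writable without the sticky bit.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec printf 'world-writable %s\n' {} \;
    # Owned by a non-root uid, like the per-user screen subdirectories.
    find "$root" -xdev -type d ! -user 0 \
        -exec printf 'user-owned %s\n' {} \;
}

# Usage: sh audit.sh /var   (the script name is hypothetical)
if [ "$#" -gt 0 ]; then
    audit_writable "$1"
    # Show the filesystem that would fill up and how full it is now.
    df -P "$1"
fi
```

Any path reported here sits on a filesystem where a user quota limits how much that user can write, whether the directory is /var/run/screen or /tmp.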
