Re: Filesystem permissions
Hello,
IMOH, This is really not a good idea. For example, process like X or mysql will
need write acces to /tmp. Also, user processes could need to have access to
directory like /var/spool/mail (any MUA for example). Apache and man need
access to the /var/cache directory. Some processes need access to /var/run
(apache, proftpd,...). For a matter of security, deamon that need access to
/tmp /var, ... do not always run as root.
Furthermore, I don't see what is the benefit of a such restriction.
On Fri, 15 Jun 2001, Noah Meyerhans wrote:
> On Fri, Jun 15, 2001 at 02:16:21PM -0600, Stefan Srdic wrote:
> >
> > For example, could I mount /proc, /var and /tmp so that only root can
> > r/w to those filesystem? Also, how could I implement the same thing but
> > to the /etc directory and subdirectories?
> >
>
> Why do you want to? If nobody can read /proc then they can't run things
> like 'ps'. That's not a good thing. /etc is a similar case. Depending
> on your installation, it's quite likely that there are things in /etc
> that *need* to be readable by a normal user.
>
> Have you got something specific that you want to hide from your users?
> Do you really distrust them that much? I have had accounts on numerous
> "public" systems, included, for example, shell servers run by ISPs. Not
> once have I ever seen one that restricted read access to /proc or /etc.
>
> noah
>
> --
> _______________________________________________________
> | Web: http://web.morgul.net/~frodo/
> | PGP Public Key: http://web.morgul.net/~frodo/mail.html
>
>
Reply to: