[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Filesystem permissions


IMOH, This is really not a good idea. For example, process like X or mysql will
need write acces to /tmp. Also, user processes could need to have access to
directory like /var/spool/mail (any MUA for example). Apache and man need
access to the /var/cache directory. Some processes need access to /var/run
(apache, proftpd,...). For a matter of security, deamon that need access to
/tmp /var, ... do not always run as root.

Furthermore, I don't see what is the benefit of a such restriction.
On Fri, 15 Jun 2001, Noah Meyerhans wrote:

> On Fri, Jun 15, 2001 at 02:16:21PM -0600, Stefan Srdic wrote:
> > 
> > For example, could I mount /proc, /var and /tmp so that only root can
> > r/w to those filesystem? Also, how could I implement the same thing but
> > to the /etc directory and subdirectories?
> > 
> Why do you want to?  If nobody can read /proc then they can't run things
> like 'ps'.  That's not a good thing.  /etc is a similar case.  Depending
> on your installation, it's quite likely that there are things in /etc
> that *need* to be readable by a normal user.
> Have you got something specific that you want to hide from your users?
> Do you really distrust them that much?  I have had accounts on numerous
> "public" systems, included, for example, shell servers run by ISPs.  Not
> once have I ever seen one that restricted read access to /proc or /etc.
> noah
> -- 
>  _______________________________________________________
> | Web: http://web.morgul.net/~frodo/
> | PGP Public Key: http://web.morgul.net/~frodo/mail.html 

Reply to: