
Re: [d-security] Re: root's home world readable



Christian Hammers <ch@westend.com> writes:

> The password for the mysql root user is not property of the system wide
> configuration as I can't force the user to change a file in /etc
> every time they change the users password and, due to mysql's default to
> use the mysql user of the same name as the system user you are logged in
> it would be inconvenient for the user to have to log into mysql as
> something other.

The "users password", or the system-wide password?  Your English
weakness is making it very hard to communicate, please try and be
really careful.

You are supposed to "force" the *administrator* to edit files in /etc
to change system-wide things. 

Whether the password is system-wide or not has nothing to do with
the details of how the package is set up, and everything to do with
the details and facts of how it's used.  This sounds *exactly* like the
sort of configuration option that belongs in /etc.

But it's still a little unclear to me exactly what this password is
for.

> With "functionality" I not only meant log rotating but also shutting down
> the server at upgrades and deinstalls as I don't want to just kill the
> processes although last time I checked the code was the same.

Right.  All that sort of thing is a system-wide configuration thing,
and should be controlled through files in /etc.

> So I end up with a debian specific user with shutdown/reload privileges 
> that's created with a random (saved) password at install time as the best
> solution, or?

Nope.  Probably the user should need to be root (or some other generic
user), but the files that are manipulated to accomplish
shutdown/reload and so forth should all be in /etc.


