On Sat, Mar 08, 2003 at 08:05:26AM -0800, Craig Dickson wrote: > But in the course of doing things that you have to do as root, when do > you need to create files in /root? Almost never. If you find that you > are using /root frequently, then I would guess that you are doing things > as root that need not be done as root. For example, someone else in this > thread says he uses /root as "temporary storage" for .debs, which > suggests that he is running as root when he manually downloads .debs > from non-apt-gettable sources. I would argue that he should download the > files in his ordinary user account, then use root only to install them. > In which case, obviously the files can't be in /root, because the > ordinary user account can't put them there. Yes, you don't need to have many files in there, but, IMHO, you shouldn't have to worry about users being able to look into what should be root's files. Even config files for some programs are world readable, by default. The first example that comes to mind, where you would want to have files in /root/, is when you have a script of some sort, or even a program, which should only be accessible by root. (~/bin/ is FHS compliant? I know I use it...) > Your opinion. The issue matters so little that I find neither 700 nor > 755 surprising. I've talked with several other friends, and most of them (5 to 1), agreed that /root/ shouldn't be 755, but something more restrictive. > If Debian were already setting /root to 700, that would be fine with me. > But 755 is also fine. I have no particular objections to either setting. > What I am responding to here is the attitude that there's something > wrong with 755, and the insistence that it be changed. Think from the perspective of the not-so-clued admin which install Debian and, even though it's mostly his fault, puts Lord knows what file in there. Shouldn't we try to prevent that? And, not only that, but you must remember that we are, after all, human. You may forget you didn't set the permissions, for example, if you deal with many systems. Shouldn't Debina try to prevent this? If the user needs/wants /root/ to be 755, he/she can do it as it'll be obvious why it's not working, as opposed to waiting for somebody to poke around your /root/ to find that out. That being said, I want to add that I'm not insisting on getting it changed, I'm just asking if there's something wrong with 750/700 that would cause it to not be the default. (I also find out if I've been doing something wrong for some time by chmodding /root/ to that. :-)) > It isn't broken, so that argument fails. There are other not broken things that are being fixed, for convenience. There's one I remember offhand, the NMU against sysklogd for 'fixing' something that's easily configurable by the admin (The priority of messages that go to console). > No. It'll probably just get rejected anyway. I won't submit if there's a strong opposition against my idea. Even if I do, it's not mere mortals like me who decide these kinds of things so it's a moot point. -- Regards, Birzan George Cristian
Attachment:
pgp5rNqiNAsYG.pgp
Description: PGP signature