Re: Permissions on /root/

[Dale Amon <amon@vnl.com>]

On Sat, Mar 08, 2003 at 07:12:13PM +0200, Birzan George Cristian wrote:
> I've talked with several other friends, and most of them (5 to 1),
> agreed that /root/ shouldn't be 755, but something more restrictive.

I'm in agreement as well. I use /root as a common
communication area among admin staff. Admin staff
have their own home directories but prefer them keep
them private. /root is a good place to put things
which are intended to be "public" to the admin
group. sudo is fine for doing many things, but not
everything.

I use cfengine2 to force it at least to 750. I also
use cfengine2 to enforce all sorts of harsher
preferences so that I automatically override
some of the weaker debian settings within minutes
of doing an apt-get or dselect upgrade.

When you have multiple people, working over long
periods of time (years), with varying stress
conditions, there will at some point be mistakes
made. That's why defense in depth is so important. 
The more layers of protection you can place the
more likely a single mistake won't leave you
wide open.

-- 
------------------------------------------------------
       IN MY NAME:            Dale Amon, CEO/MD
  No Mushroom clouds over     Islandone Society
    London and New York.      www.islandone.org
------------------------------------------------------