At 17:47 Uhr +0000 08.03.2003, Dale Amon wrote:
When you have multiple people, working over long periods of time (years), with varying stress conditions, there will at some point be mistakes made. That's why defense in depth is so important. The more layers of protection you can place the more likely a single mistake won't leave you wide open.
Isn't it the same as for any user account? If that user (who maybe shares his account with other people) wants his home dir private, he can do so. Or create a subdir which is private(*). I just see no reason to make a difference between root and other users. I've started using my /root/bin/ -for-users approach since I've relied on that fact of world-readable home dirs. ("Unix is socially friendly" was a phrase in connection with permissions that I read somewhere when I began working with (unix/)linux.) And as written in my other reply I'm still missing a better alternative to /root/bin. "/local-admin's-software/bin" maybe? AFAIK, the FHS does not provide any.
(*) well of course this won't help for files that have to be directly in root's home, like shell startup files (anybody ever made such a file world-writable?). But well. BTW on the solaris machine I've worked some time, root's home was /, and I'm sure that was not 0700.
Christian (who is going to close this thread in his mind now :-).