Re: Permissions on /root/
On Sat, Mar 08, 2003 at 08:07:51PM +0100, Christian Jaeger wrote:
> Isn't it the same as for any user account? If that user (who maybe
> shares his account with other people) wants his home dir private, he
> can do so. Or create a subdir which is private(*). I just see no

Typical user accounts are not the same as the root
user unless you go to selinux where you have to
assume the admin role to actually do anything. Since
I'm not running selinux on any production servers (yet)
I prefer to put as severe a wall between luser
and root as I possibly can.

The friendliness of privs depends very much on what
it is you are doing. If the machine happens to be
a firewall protecting a LAN with proprietary data,
or a web server with many large web sites, the
criteria are rather different.

As I said, I use /root more as the common home for
the admin group. Not necessarily security-important
things there all the time, but sometimes transiently
there are.

Security means turn everything off until the machine
is totally unusable, and then turn them back on until
you've got precisely what is required for the purpose
and no more.

Life will get easier when selinux goes more
mainstream, as these things will be easily handled via
policy rather than file owner/mode settings.

--
------------------------------------------------------
IN MY NAME: Dale Amon, CEO/MD
No Mushroom clouds over Islandone Society
London and New York. www.islandone.org
------------------------------------------------------