Re: file permissions
On Sun, Dec 17, 2006 at 01:10:30PM +0000, Brad Rogers wrote:
> On Sun, 17 Dec 2006 04:56:30 -0800
> Freddy Freeloader <fredddy@cableone.net> wrote:
>
> Hello Freddy,
>
> > all aspects of the tools available, but all users still have execute
> > permissions there.
> > Why is this done? I can't really see a good reason for it. What am
> > I missing?
>
> I can't answer your query as such. However, you are aware, I hope,
> that not all users have /sbin in their $PATH? So, even though all
> users have execute permission, not all users can get at the directory,
> anyway.
>
You don't need a program in your path to execute it.

Check out the debian-policy manual and the harden-doc package. This is
addressed somewhere; I just can't remember where. It made sense, whatever
it was.

I think it has to do with the fact that the ability to do something with
a command is determined other than by who can execute the command. Thus
anyone can run cfdisk on a drive and see the partition table, but only
users in group disk can do anything with it. Such fine-grained control
would be impossible if it only relied on execute permissions.

Doug.
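
The point made in the message above, that the permissions on the device node rather than the execute bit on the tool decide what a user can do, as an added example that is not part of the original message. The modes, owners and the users alice and bob are constructed to mirror the description in the message, not read from a real system.

```shell
#!/bin/sh
# may_access MODE OWNER GROUP USER "USER_GROUPS" r|w|x
# Classic Unix check: exactly one class (owner, group, other) is selected and
# only that class's bits are consulted. The superuser and ACLs are not modelled.
may_access() {
    mode=$1 owner=$2 group=$3 user=$4 user_groups=$5
    case $6 in
        r) bit=4 ;;
        w) bit=2 ;;
        x) bit=1 ;;
        *) return 2 ;;
    esac
    m=$(printf '%d' "0$mode")            # leading 0 makes printf parse octal
    if [ "$user" = "$owner" ]; then
        class=$(( (m >> 6) & 7 ))        # owner bits
    else
        class=$(( m & 7 ))               # default: "other" bits
        for g in $user_groups; do
            if [ "$g" = "$group" ]; then
                class=$(( (m >> 3) & 7 ))   # group bits
                break
            fi
        done
    fi
    [ $(( class & bit )) -ne 0 ]
}

# Constructed values mirroring the message (assumptions, not a real system):
TOOL="0755 root root"    # partitioning tool in /sbin, world-executable
DISK="0664 root disk"    # device node: readable by all, writable by root/disk

verdict() { if may_access "$@"; then echo allowed; else echo denied; fi; }

report() {  # report USER "USER_GROUPS"
    echo "$1: run tool:   $(verdict $TOOL "$1" "$2" x)"
    echo "$1: read disk:  $(verdict $DISK "$1" "$2" r)"
    echo "$1: write disk: $(verdict $DISK "$1" "$2" w)"
}

report alice "users"         # constructed user outside group disk
report bob "users disk"      # constructed user inside group disk
```

Both users can run the tool; only the one in group disk gets write access to the device, so tightening the tool's execute bit would add nothing the device node's mode does not already enforce.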