permissions in general (WAS: Re: permissions in /sbin)

To: debian-user <debian-user@lists.debian.org>
Subject: permissions in general (WAS: Re: permissions in /sbin)
From: "Martin Marcher" <martin@marcher.name>
Date: Wed, 5 Dec 2007 16:58:59 +0100
Message-id: <[🔎] 5fa6c12e0712050758i433bfc93if33db92fd4d2e284@mail.gmail.com>

Hi,

jumping in.

On 12/4/07, andy <geek_show@dsl.pipex.com> wrote:
> ls -l /sbin is all
>
> -rwxr-xr-x 1 root root   ...

I understand this issue. What I don't get is why it seems to be the
overall default that others may read and execute files in most cases.

To me it would make sense to have something like (very naive right
now, hope you get the idea):

/bin root:users rwxr-x---
/sbin root:adm rwxr-x---
/usr/bin root:users rwxr-x---
/usr/sbin root:adm rwxr-x---

and so on. Using acl's it would be very easy to add even more groups.
I think the explicit adding of others would make a lot of sense and
secure the system in a standard way.

I guess it's more a historical reason that others can r+x most of the
system but I can see a lot of benefits in denying others by default
(of course there's a lot of work involved to migrate from the current
permission schema that's at least a serious drawback)

What do you think?

-- 
http://noneisyours.marcher.name
http://feeds.feedburner.com/NoneIsYours

Reply to:

Follow-Ups:
- Re: permissions in general (WAS: Re: permissions in /sbin)
  - From: Nyizsnyik Ferenc <nyizsa@bluebottle.com>
- Re: permissions in general (WAS: Re: permissions in /sbin)
  - From: Mike Bird <mgb-debian@yosemite.net>
- Re: permissions in general (WAS: Re: permissions in /sbin)
  - From: "Douglas A. Tutty" <dtutty@porchlight.ca>

Prev by Date: Re: rsync to clone disk - Can it work? grub-install error
Next by Date: Re: How to mount .iso file from NFS share?
Previous by thread: Re: Debian installer support on apt-cacher-ng
Next by thread: Re: permissions in general (WAS: Re: permissions in /sbin)
Index(es):
- Date
- Thread