Re: [PROPOSAL] (Ch.16 FHS) be more specific on file/dir permissions
On Thu, Jan 04, 2001 at 03:02:10PM +0000, Alan Cox wrote:
> > o The application must not depend on having directory write
> > permission outside /tmp, /var/tmp and his home directory.
> (language pedantry, not intended as a criticism)
> > o The application must not depend on owning these directories.
> > o The system may restrict directory write permissions for these
> > directories by setting the "sticky bit" for them.
> Including home ?
Yes, as local sysadmin I want to be able to place an empty rhosts file
(owned by root) in home directories, to prevent users from opening
rsh security holes. To prevent the users from deleting .rhosts,
I need the sticky bit on the home directory.
> > o The system must grant the permissions needed to use them
> > to all libraries, executables and data files mentioned in the
> > LSB document, and included standards.
> Stop a moment. Grant to whom ? Do I grant perl the ability to the shadow
> password file for example ;)
OK, let's "reword" this paragraph.
o The system must grant to the application the permissions needed
to use all libraries, executables and data files mentioned in the
LSB document and included standards.
> > o log in as user root
> 'root' isn't always the name used. There may be multiple privilege levels -
> how about 'log in as a privileged user'
/ ___/__/ / Caldera (Deutschland) GmbH
/ /_/ _ / /__ Naegelsbachstr. 49c, 91052 Erlangen, Germany
/_____/_/ /____/ software developer / lsb project
==== /____/ ===== Dipl. Inf. Johannes Poehlmann, mail: firstname.lastname@example.org
Caldera OpenLinux phone: ++49 9131 7192 336, fax: ++49 9131 7192 399
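
The sticky-bit deletion rule this thread turns on, as an added example that is not part of the original message: on Linux, an entry in a sticky directory can be removed only by the file's owner, the directory's owner, or a privileged process. The uids, gids and modes below are constructed, and `St`, `has_write_search`, `can_unlink` and `scenarios` are hypothetical names.

```python
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result so the rule can be evaluated offline.
St = namedtuple("St", "st_mode st_uid st_gid")

def has_write_search(d, uid, gids):
    """True if uid/gids hold both write and search (wx) permission on directory d."""
    if uid == d.st_uid:
        bits = (d.st_mode >> 6) & 7      # owner class
    elif d.st_gid in gids:
        bits = (d.st_mode >> 3) & 7      # group class
    else:
        bits = d.st_mode & 7             # other class
    return (bits & 3) == 3

def can_unlink(d, f, uid, gids=()):
    """Can uid remove entry f from directory d? Models the classic Unix checks only
    (no ACLs, immutable flags or LSM policy)."""
    if uid == 0:
        return True                      # privileged: bypasses both checks
    if not has_write_search(d, uid, gids):
        return False
    if d.st_mode & stat.S_ISVTX:
        # Sticky directory: only the file owner or the directory owner may unlink.
        return uid in (f.st_uid, d.st_uid)
    return True

def scenarios():
    """Constructed cases: user uid/gid 1000, root-owned .rhosts (mode 0600)."""
    user, grp = 1000, (1000,)
    rhosts = St(stat.S_IFREG | 0o600, 0, 0)
    own_file = St(stat.S_IFREG | 0o644, user, 1000)
    home_user_owned = St(stat.S_IFDIR | 0o1700, user, 1000)   # sticky, owned by user
    home_root_sticky = St(stat.S_IFDIR | 0o1770, 0, 1000)     # sticky, owned by root
    home_root_plain = St(stat.S_IFDIR | 0o0770, 0, 1000)      # no sticky bit
    return {
        "user-owned sticky home, root's .rhosts": can_unlink(home_user_owned, rhosts, user, grp),
        "root-owned sticky home, root's .rhosts": can_unlink(home_root_sticky, rhosts, user, grp),
        "root-owned plain home, root's .rhosts": can_unlink(home_root_plain, rhosts, user, grp),
        "root-owned sticky home, user's own file": can_unlink(home_root_sticky, own_file, user, grp),
    }

if __name__ == "__main__":
    for case, removable in scenarios().items():
        print(f"{case}: {'removable' if removable else 'protected'}")
```

The root-owned .rhosts is protected only when the user does not own the home directory itself, which is why the proposal also says the application must not depend on owning these directories.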