On Sat, Mar 19, 2005 at 09:35:42PM +1100, [EMAIL PROTECTED] wrote:
>Thanks for pointing those out! Add group tty also? All should be
>"squashed" (and the objects owned by root:root instead).

Hey, good idea!  Why don't we ditch *all* the groups and have everything
group root!

That "src" group is *obviously* a security risk, it makes any user in
that group root-equiv since they can dick with /usr/src/linux...

Sheesh.  Get a grip.

The various role groups are useful, and typically *increase* security
since they provide limited access to certain files/subtrees.  Moreover
by default no user is placed into those groups.

Your argument is that exporting a writable / or /usr via NFS exposes you
to possible exploits?  Then DON'T DO THAT.

Can you give a realistic example where one would *want* such an export?
Moreover one without all_squash?

NFS exports of /usr for diskless workstations are typically read-only,
and in such cases / is either also read-only or specific to the client.

--bod
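
Added example, not part of the original message: a check for the configuration the reply warns against, a writable export of / or /usr without all_squash, run over an exports(5)-style file. The sample entries and function names are constructed, and the parser is narrowed to plain "path client(options)" lines with comments and backslash continuations.

```python
import re

# Constructed sample in exports(5) syntax; hosts and paths are made up.
SAMPLE = """\
/usr           ws*.example.net(ro)
/              10.0.0.5(rw,no_root_squash)
/usr/local     build.example.net(rw) backup.example.net(rw,all_squash)
/home          *.example.net(rw)   # not / or /usr, out of scope here
"""

CLIENT_RE = re.compile(r"^(?P<host>[^()\s]*)(?:\((?P<opts>[^)]*)\))?$")


def effective(opts):
    """Apply exports(5) defaults (ro, root_squash, no_all_squash), then the listed options."""
    state = {"rw": False, "root_squash": True, "all_squash": False}
    for opt in opts:
        key = opt[3:] if opt.startswith("no_") else opt
        if opt in ("rw", "ro"):
            state["rw"] = opt == "rw"
        elif key in ("root_squash", "all_squash"):
            state[key] = not opt.startswith("no_")
    return state


def is_sensitive(path):
    # Assumption: the trees of interest are the two the message names, / and /usr.
    path = path.rstrip("/") or "/"
    return path in ("/", "/usr") or path.startswith("/usr/")


def audit_exports(text):
    """Return (path, client, reason) for each rw export of / or /usr lacking all_squash."""
    findings = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuation lines
        line = line.split("#", 1)[0].strip()              # drop comments
        if not line:
            continue
        path, *clients = line.split()
        for client in clients if is_sensitive(path) else []:
            m = CLIENT_RE.match(client)
            if not m:
                continue
            st = effective([o.strip() for o in (m.group("opts") or "").split(",")])
            if st["rw"] and not st["all_squash"]:
                # root_squash alone remaps only uid/gid 0; other ids pass through.
                reason = "rw, root_squash only" if st["root_squash"] else "rw, no squashing"
                findings.append((path, m.group("host") or "*", reason))
    return findings
```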

