Hi, jumping in.
On 12/4/07, andy <[EMAIL PROTECTED]> wrote: > ls -l /sbin is all > > -rwxr-xr-x 1 root root ... I understand this issue. What I don't get is why it seems to be the overall default that others may read and execute files in most cases. To me it would make sense to have something like (very naive right now, hope you get the idea): /bin root:users rwxr-x--- /sbin root:adm rwxr-x--- /usr/bin root:users rwxr-x--- /usr/sbin root:adm rwxr-x--- and so on. Using acl's it would be very easy to add even more groups. I think the explicit adding of others would make a lot of sense and secure the system in a standard way. I guess it's more a historical reason that others can r+x most of the system but I can see a lot of benefits in denying others by default (of course there's a lot of work involved to migrate from the current permission schema that's at least a serious drawback) What do you think? -- http://noneisyours.marcher.name http://feeds.feedburner.com/NoneIsYours -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
