On Sun, 13 Apr 2008 12:04:31 -0400 "Douglas A. Tutty" <[EMAIL PROTECTED]> wrote:
> On Sun, Apr 13, 2008 at 03:12:08PM +0000, [EMAIL PROTECTED] > wrote: > > I don't *need* things read-only. I would just rather not *need* to > > have my root filesystem read write. > > > > I gave some reasons above for why I would like to be able to > > crontrol if and when the root filesystem is subject to writes.. > > However, consider: as things stand now, only root can alter files > which don't have write permissions for others. Sure, if the > filesystem were mounted ro then root couldn't write to the files > either (or delete files). However, root could always remount / rw. > Therefore there is no security in a system once root is compromised > whatever you do. If root is not compromised, then standard unix > permission scheme will provide the security. Thank you for that explanation. This is exactly what I was thinking about, and thus, for my purposes I don't need read-only root. Digby makes some interesting suggestions as to why one might want ro root that are more interesting, but they don't apply to me. Regards, Daniel -- And that's my crabbing done for the day. Got it out of the way early, now I have the rest of the afternoon to sniff fragrant tea-roses or strangle cute bunnies or something. -- Michael Devore GnuPG Key Fingerprint 86 F5 81 A5 D4 2E 1F 1C http://gnupg.org No more sea shells: Daniel's Weblog http://cshore.wordpress.com
signature.asc
Description: PGP signature
