On 22 February 2015 at 18:06, Gordon Pettey <petteyg359@×××××.com> wrote:

> Protect the permissions on the files, not the editors - there's always
> another way to get content into a file if you have write permission to it.
> If you try to do that with a g+xo-x, then you're going to have to do the
> same for every single command that can put output in a file (sed, curl,
> wget, heck, anything that can be piped, every shell), and then your system
> doesn't even need users anymore, because no user can do anything at all for
> fear they might write to a file!

Indeed, which is why I think Ulrich may have been joking =).

Though conceptually it's a useful question, because Gentoo are not going to
anticipate all the security strictures a user is likely to want.

For instance, perhaps a sysadmin simply wants to lock up GCC and make,
having a straightforward way to do that in bashrc would help them achieve
that, without them having to dish out a full ACL/LDAP setup, and without
then needing to retouch the perms manually every install.

And that would be preferable IMO to a system wide proliferation of USE
flags to regulate such a thing.

--
Kent

*KENTNL* - https://metacpan.org/author/KENTNL