Apparently, though unproven, at 23:01 on Saturday 11 September 2010, Nikos
Chantziaras did opine thusly:

> On 09/11/2010 11:49 PM, Dale wrote:
> > Nikos Chantziaras wrote:
> >> On 09/11/2010 11:35 PM, Dale wrote:
> >>> Alan McKinnon wrote:
> >>>> Apparently, though unproven, at 11:46 on Saturday 11 September 2010,
> >>>> Albert Hopkins did opine thusly:
> >>>>> On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote:
> >>>>>> few months ago, I read linux kernel in a nutschell(sic), and the
> >>>>>> author wrote we shouldn't do kernel operations (config and build) as root.
> >>>>>
> >>>>> I call bullsh*t. I've been compiling kernels for 17 years and for the
> >>>>> most part have done it as root without any problems.
> >>>>
> >>>> Same here.
> >>>>
> >>>> The root user (sometimes portage) creates /usr/src/linux-*
> >>>>
> >>>> Someone tell me again exactly how user alan is supposed to build those
> >>>> sources?
> >>>
> >>> If they are accessible by a user, couldn't a user then edit or add
> >>> something that would then cause a security problem? If they can edit
> >>> them and no one knows it, then root comes along and builds a shiny new
> >>> kernel with a really nice security hole.
> >>>
> >>> Glad only root can get to the sources. ;-)
> >>
> >> No, any user can't edit them; only the user you assign the files to.
> >> If you assign them to root, only root can edit them. If you assign
> >> them to kerneluser, only kerneluser can edit them.
> >>
> >> This is Unix 101 :)
> >
> > My point was, if the sources are say in the user group, then any user
> > can edit them? Right now, they are in the root group and owned by root
> > which for security reasons is a good idea. That way a regular user can't
> > edit or modify the kernel sources.
>
> The group can only write if the files have the group write permission
> set. Still in Unix 101 domain, hehe :)

And you need write permission on the containing directory to create new files
or delete existing ones. Nothing to do with the permissions on the file
itself.

With this, I have moved us on to Unix 101a :-)

--
alan dot mckinnon at gmail dot com
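
Added example, not part of the original thread: a Python check that walks a source tree and reports every file or directory that someone other than the intended owner could change, including the case from the last reply where a read-only file sits in a writable directory. The function names, the sample tree and its file names are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_tree(root, trusted_uid=0):
    """Return sorted (relative path, reason) pairs for every file or directory
    under root that someone other than trusted_uid could change."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            rel = os.path.relpath(path, root)
            kind = "dir" if stat.S_ISDIR(st.st_mode) else "file"
            if st.st_uid != trusted_uid:
                findings.append((rel, f"{kind} owned by uid {st.st_uid}"))
            # A writable directory lets its entries be created, deleted or
            # replaced whatever the modes of the files inside it are.
            for bit, who in ((stat.S_IWGRP, "group"), (stat.S_IWOTH, "other")):
                if st.st_mode & bit:
                    findings.append((rel, f"{who}-writable {kind}"))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: a read-only file inside a group-writable directory."""
    root = tempfile.mkdtemp(prefix="linux-src-")
    os.mkdir(os.path.join(root, "drivers"))
    layout = {"Makefile": 0o644, ".config": 0o664, "drivers/net.c": 0o444}
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(path, mode)  # set modes explicitly so the umask does not matter
    os.chmod(os.path.join(root, "drivers"), 0o775)
    os.chmod(root, 0o755)
    return root

if __name__ == "__main__":
    tree = build_sample_tree()
    # The sample is owned by whoever runs this, so trust that uid here;
    # for /usr/src/linux-* the default of 0 (root) applies.
    for rel, reason in audit_tree(tree, trusted_uid=os.getuid()):
        print(f"{rel}: {reason}")
```

On the sample tree, drivers/net.c is mode 0444 and is not reported itself; the finding that matters is its parent directory, which is group-writable.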