Quote:
Or do you exclude server daemons from users group? It's not obvious for newbie.
|
a verry good point...no I don't--users was a bad example.
I do use groups "Audio" & "Video" to restrict some programs from everyone.
Quote:
And in tmp it is normal to have a+rw files - if they are security-critical, why are they in tmp in first place, where they can get some strange effects?
|
Another good point--but I don't keep a+rwx files in /tmp by
choice, do you? The thread started asking for 777 permissions.
Quote:
Also I think that simple script in init.d can be a+rx (and NEVER even g+w, not to mention o+w). What does it change?
|
Yes--I was unclear--I meant that the script should set the _file_
to more restrictive permissions, not that the script itself should be set there.
I see no reason not to set the scripts to permissions that
jagannathan.r's distro usually sets them to.
Thanks for forcing me to think about this...My general rule is
to use the least permissions that will get the job done..usually
I don't even consider if it's needed or not, I just do it, then
loosen things up if needed.
Also we're talking System V startup not BSD right? Some
distros don't have /etc/rc.d/init.d files (Slackware &
derivatives) This is either simpler or out-of-date depending
on one's point of view. Umm...jagannathan.r, which distro are
you using?