Re: Feature Request: disallow world-writable files in chmod
From: Ben Lentz
Subject: Re: Feature Request: disallow world-writable files in chmod
Date: Thu, 4 Jul 2013 09:35:49 -0400

On Thu, Jul 4, 2013 at 8:12 AM, Jaroslav Rakhmatoullin
<address@hidden> wrote:
> If a user wants to (makes the mistake of) let others delete their files,
> it's not "your job" to teach them otherwise. Compare to "real life"; someone
> leaves a bike on the street unlocked and someone else steals it. Does it
> make sense to file a complaint to the police department about not educating
> people of this danger? Now, if the user has an elevated role on your system

I agree, although (where I work) the sysadmin staff is held
responsible for file system permission audits and penetration test
results. A bit unfair as we have users on our systems that cause the
findings... I don't have any FAT32 in my environment and past
experience (shell histories) has shown that users are, in fact, doing
this to themselves.

An ounce of prevention is worth a pound of cure, and I think we may be
able to agree that 777ing a whole mess of files is generally not a
necessary thing to do - so if I can help stop a user from
"incorrectly" setting permissions by giving them a warning message,
that may help reduce the number of wide-open files I have on my
systems. This reduces the security exposure I have as well.

While I do agree with restricting something like this at the kernel
level (SELinux or whatnot), I guess I was hoping for something a
little more portable (operating system agnostic) and perhaps a little
less drastic.

Like I said, never mind... throw me on the pile of rejected feature requests :-)