El 10/04/13 18:14, Yamaban escribió:
root:root and we drop any capability or limit access via systemd units.
Well, either "d755 root:root": everybody on the machine can read the dir, or "d750 root:tftp": tftp can read, others not, that way closes some avenues of risks.
IMHO, from the sec. aspect, "d750 root:tftp" should be prefered.
tftp is an insecure protocol and hence no secret or sensitive information should live in /srv/tftpboot and reading the directory contents should not be a problem. iI I want to look at the directory contents I can just tftp to localhost as the protocol does not have authentication at all. -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org