Re: [suse-security] /etc/rc.config sets umask to 022
Roman,
Setting the umask to 077 will cause you trouble on any unix (-like) system. Better close directories that contain privacy-critical files.
would you be able to give some examples? Setting /var/log to 700 is not common on linux systems I think. Volker
Setting the umask to 077 will cause you trouble on any unix (-like) system. Better close directories that contain privacy-critical files.
would you be able to give some examples?
Setting /var/log to 700 is not common on linux systems I think.
Volker
It's about administration style: It's better to be aware of the necessity to change file modes instead of defining defaults that cause subsystems to fail because of insufficient permissions for regular users. People (admins?) then log on as root because they are used to the fact that "some things" don't work. There are two ways to approach the problem: Either you want everything open and then you close the things that you consider private, or you start defining everything private and then open up things to others. A clean concept and design closes the gap between these two, provided that there are no compromises. Admin's awareness can't be substituted by 077. Roman. -- _ _ | Roman Drahtmüller "Freedom means that you can choose | CC University of Freiburg what you want to learn at a given | email: draht@uni-freiburg.de time." A. Becker, 1999 | - - People often find it easier to be a result of the past than a cause of the future.
participants (2)
-
Roman Drahtmueller
-
Volker Kuhlmann