Scott Ehrlich wrote:
> Is it possible to permanently change /tmp and /var/tmp to chmod o-wx,
> and then prevent anything from ever creating world writable and
> executable in those folders?

No. What good is an unwritable /tmp?
I think what you're trying to reinvent here is noexec. If that's the
behavior you want, then use it. It may necessitate repartitioning your
disk so /tmp and /home go on their own file system.
The other issue to raise in this thread is that it feels a bit
antiquated to be imposing these kinds of restrictions on users of a
system. If they are really that untrustworthy, then they would be better
served being boxed off in a virtual machine. Then you can impose disk,
memory, network, and other restrictions on the entire VM.
-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
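
An added example, not part of the message above: a check for whether /tmp and /var/tmp already sit on a noexec mount, or are only subdirectories of a larger file system and would need their own mount first. The function names and the sample mount table are constructed for illustration; the table uses the Linux /proc/mounts layout.

```shell
#!/bin/sh
# Added example. Mount table is read from stdin in /proc/mounts format:
#   device mountpoint fstype options dump pass

# Constructed sample table: /tmp is its own noexec file system, /var/tmp is not.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /var ext4 rw,relatime 0 0
/dev/sda3 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

# covering_mount DIR: print "mountpoint options" for the file system DIR lives on,
# i.e. the longest mount point that is DIR itself or one of its parents.
covering_mount() {
    awk -v dir="$1" '
        $2 == "/" || $2 == dir || index(dir, $2 "/") == 1 {
            # ">=" so that a later mount stacked on the same path wins
            if (length($2) >= n) { n = length($2); mp = $2; opts = $4 }
        }
        END { if (mp != "") print mp, opts }'
}

# check_noexec DIR: print a verdict; return 0 only if DIR is on a noexec mount.
check_noexec() {
    info=$(covering_mount "$1")
    [ -n "$info" ] || { echo "$1: no covering mount found"; return 2; }
    mp=${info%% *}
    opts=${info#* }
    case ",$opts," in
        *,noexec,*) echo "$1: noexec (mount $mp)"; return 0 ;;
    esac
    if [ "$mp" = "$1" ]; then
        echo "$1: exec allowed; add noexec to the options of its mount"
    else
        echo "$1: exec allowed; it is part of $mp, so noexec needs a separate mount for it"
    fi
    return 1
}

# Demo on the constructed table; on a live Linux host: check_noexec /tmp < /proc/mounts
for d in /tmp /var/tmp; do
    sample_mounts | check_noexec "$d" || true
done
```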