Pierre Fortin wrote on Thu, May 09, 2002 at 04:30:12PM -0400 : > > > > 711 on /home/* is enough for, for example apache.. > My preference is to not make *any* directory more open by any automated > process. If I choose 700 for /home/root, I consider it a security issue > for something like msec to make it less secure behind my back.
You're suggesting that a default policy be to never loosen permissions
on a {target}, but if the current security level wants it tighter, go
ahead and do it.
Blue skies... Todd
--
Todd Lyons -- MandrakeSoft, Inc. http://www.mandrakesoft.com/
UNIX was not designed to stop you from doing stupid things, because
that would also stop you from doing clever things. -- Doug Gwyn
Cooker Version mandrake-release-8.3-0.2mdk Kernel 2.4.18-14mdk
msg63948/pgp00000.pgp
Description: PGP signature
