On Fri, 10 May 2002 17:41:17 -0700 Todd Lyons <[EMAIL PROTECTED]>
wrote:
> Pierre Fortin wrote on Thu, May 09, 2002 at 04:30:12PM -0400 :
> > >
> > > 711 on /home/* is enough for, for example apache..
> > My preference is to not make *any* directory more open by any
> > automated process. If I choose 700 for /home/root, I consider it a
> > security issue for something like msec to make it less secure behind
> > my back.
>
> You're suggesting that a default policy be to never loosen permissions
> on a {target}, but if the current security level wants it tighter, go
> ahead and do it.
Exactly.
Pierre
