On Thu, Jul 4, 2013 at 8:12 AM, Jaroslav Rakhmatoullin <[email protected]> wrote:
> If a user wants to (makes the mistake of) let others delete their files,
> it's not "your job" to teach them otherwise. Compare to "real life"; someone
> leaves a bike on the street unlocked and someone else steals it. Does it
> make sense to file a complaint to the police department about not educating
> people of this danger? Now, if the user has an elevated role on your system

I agree, although (where I work) the sysadmin staff is held responsible for file system permission audits and penetration test results. A bit unfair as we have users on our systems that cause the findings... I don't have any FAT32 in my environment and past experience (shell histories) has shown that users are, in fact, doing this to themselves.

An ounce of prevention is worth a pound of cure, and I think we may be able to agree that 777ing a whole mess of files is generally not a necessary thing to do - so if I can help stop a user from "incorrectly" setting permissions by giving them a warning message, that may help reduce the number of wide-open files I have on my systems. This reduces the security exposure I have as well.

While I do agree with restricting something like this at the kernel level (SELinux or whatnot), I guess I was hoping for something a little more portable (operating system agnostic) and perhaps a little less drastic. Like I said, never mind... throw me on the pile of rejected feature requests :-)
