On Sun, Apr 17, 2005 at 02:51:14PM +0200, Bastian Blank wrote:

> These devices are managed by devmapper. And I don't see problems with
> root:root 600 as a sane default.

It is inconsistent with the other filesystem-holding devices.

For one, it forces backup programs to run as root, instead of as another
user ID that is a member of "disk". This makes stepping up from a compromise
of the backup server to a full root compromise of the backed-up machines
far easier, when using a partition-based network backup system.

(Yes, it can be worked around by a chown/chmod in /etc/init.d/foo, but
 that's a workaround for this inconsistency in Debian.)

-- 
Lionel
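
The inconsistency discussed in this message can be checked mechanically. The following is an added example, not part of the original message or of any Debian package: it flags block-device nodes whose owner, group or mode differ from a reference policy. The reference values (root:disk 660), the function names and the sample device paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report block-device nodes that deviate from a reference
# ownership policy. Reference values below are assumptions, adjust as needed.
EXPECT_OWNER=root
EXPECT_GROUP=disk
EXPECT_MODE=660

# Reads "path owner group mode" records on stdin, the format printed by
#   stat -c '%n %U %G %a' <device>...
# Prints one line per deviating node; returns 1 if any node deviates.
audit_nodes() {
    awk -v o="$EXPECT_OWNER" -v g="$EXPECT_GROUP" -v m="$EXPECT_MODE" '
        NF != 4 { printf "SKIP malformed record: %s\n", $0; next }
        {
            why = ""
            if ($2 != o)           why = why " owner=" $2
            if ($3 != g)           why = why " group=" $3
            if (($4 + 0) != m + 0) why = why " mode=" $4
            if (why != "") { printf "DEVIATES %s:%s\n", $1, why; bad++ }
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample records (not taken from a real system): two ordinary
# disk nodes and two device-mapper nodes with the root:root 600 default.
sample_nodes() {
    cat <<'EOF'
/dev/sda1 root disk 660
/dev/md0 root disk 660
/dev/mapper/vg0-home root root 600
/dev/mapper/vg0-var root root 600
EOF
}

# Audit the running system (GNU find and stat assumed).
audit_live() {
    find /dev -type b -exec stat -c '%n %U %G %a' {} + | audit_nodes
}

# Stand-alone demonstration on the constructed sample.
sample_nodes | audit_nodes || true
```

Nodes reported as DEVIATES are the ones a backup user in group "disk" cannot read, which is what pushes the backup job to run as root.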

