Hello, IMOH, This is really not a good idea. For example, process like X or mysql will need write acces to /tmp. Also, user processes could need to have access to directory like /var/spool/mail (any MUA for example). Apache and man need access to the /var/cache directory. Some processes need access to /var/run (apache, proftpd,...). For a matter of security, deamon that need access to /tmp /var, ... do not always run as root.
Furthermore, I don't see what is the benefit of a such restriction. On Fri, 15 Jun 2001, Noah Meyerhans wrote: > On Fri, Jun 15, 2001 at 02:16:21PM -0600, Stefan Srdic wrote: > > > > For example, could I mount /proc, /var and /tmp so that only root can > > r/w to those filesystem? Also, how could I implement the same thing but > > to the /etc directory and subdirectories? > > > > Why do you want to? If nobody can read /proc then they can't run things > like 'ps'. That's not a good thing. /etc is a similar case. Depending > on your installation, it's quite likely that there are things in /etc > that *need* to be readable by a normal user. > > Have you got something specific that you want to hide from your users? > Do you really distrust them that much? I have had accounts on numerous > "public" systems, included, for example, shell servers run by ISPs. Not > once have I ever seen one that restricted read access to /proc or /etc. > > noah > > -- > _______________________________________________________ > | Web: http://web.morgul.net/~frodo/ > | PGP Public Key: http://web.morgul.net/~frodo/mail.html > >
