On Tue, 29 Feb 2000 [EMAIL PROTECTED] wrote:

> > That could be. But didn't they have a proper umask in /root/.bashrc?
>
> Depends on what you mean by proper.
>
> > I just went into /root on the system and did 'touch test'. It created it
> > with mode 644.
>
> So? That sounds fine to me. Are you planning on having a file
> /root/HERE_IS_THE_ROOT_PASSWORD_FOR_THIS_MACHINE or something?

Yes, with a symlink in / to make it easier to find. Or why not use it as
the motd file?

> > Just for grins I created public_html to see if apache would accept /~root
> > and it did. So this potato system makes it easy for the superuser to have
> > a personal home page :)
>
> Ok, it's of dubious merit, yet, I fail to see it as a serious security hole.
> You should not be storing confidential files in /root/public_html.

Note the 'grins' and ':)' in my comment. Obviously, it's of dubious merit.

> In general, files should be world readable, unless there is some explicit
> reason for them not to be.

fsstnd says /root should be used solely for system administration.

> Are you also worried that /var/log is not 700, too?

Extremely, because I am the total idiot that you are treating me like.

I merely posted this because I noticed it and wasn't sure if there were
intentional changes involved along the way from slink to potato. This is
the testing list. I did get one off-list reply saying that his potato and
woody systems had /root as 700.

The issue here is whether this is the expected behavior and if so whether
it should also apply to upgrades from previous releases. Is it a bug or
not?

In the case of an initial install it is acceptable that I have to set
permissions on /root to meet my needs. Same is true for users' directories.
Once I change permissions and put content there I would not want them
changed automatically by package install/upgrade. Sometimes users 'turn
off' features like ~/public_html or ~/.procmailrc this way.

+----------------------------------------------------------------------+
+ Paul Wade                         Greenbush Technologies Corporation +
+ mailto:[EMAIL PROTECTED]                   http://www.greenbush.com/ +
+----------------------------------------------------------------------+

