On 22/11/18 at 16:25, Didier Kryn wrote: > Le 22/11/2018 à 13:25, Alessandro Selli a écrit : >> chown -R a-w /bin >> chown -R a-w /sbin >> chown -R a-w /lib > > Sorry, I meant chmod. > > Mounting read-only isn't more secure than marking a directory > read-only. root can change it anytime in a single command.
Do you think root cannot change anytime file's permissions on the filesystem? Of course it adds security to the system, because if the filesystem was mounted ro root HAS to remount it rw in order to be able to do changes on the filesystem. Should you only change file's permissions you have NOT protected anything, because I inform you, on any Unix, since the dawn of Unix time, ROOT CAN DO WHAT IT WANTS REGARDLESS OF FILE PERMISSIONS! Didn't you know this? Whom am I debating with, a Windows sysadmin, a full time Valve gamer, a systemd developer? You are again blockheadedly ignoring the fact that read-only is *NOT* the only setting that make sense changing on the /usr filesystem! There are several, and I already *twice* listed a few of them: nobarrier, noatime, iversion, nodev, etc etc. Do you know so little of filesystem management or are you trolling? -- Alessandro Selli <[email protected]> VOIP SIP: [email protected] Chiave firma e cifratura PGP/GPG signing and encoding key: BA651E4050DDFC31E17384BABCE7BD1A1B0DF2AE
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
