Yuri Voinov <[EMAIL PROTECTED]> writes: > Hi, I suggest, the permissions for DTT is set too loose. User "100", > group "others", 755 rights mask... On public productive servers it can > be security issue. > > May be this is not bug, but I think, more better wiil be sometning > like 750 with root owner and root group.
You are aware that, even with permission to read the scripts, non root users can't use DTrace by default? I'm not arguing with your contention that they should be owned by root, I'll leave others to express a view there. There are, however, likely to be cases where non-root users are given DTrace privileges and should be able to run the scripts. After all, if they have the process privileges to run DTrace there's nothing to stop them installing their own copy of the scripts and running then. IMHO, Privileges are the place to restrict access to DTrace, not script permissions. Boyd _______________________________________________ dtrace-discuss mailing list [email protected]
