Omar Polo writes:

> or they can just upload to /usr/local or /home, or mess with /etc, or...
> I don't see how this would help.

It's another layer to make things more difficult. If the writable filesystems are noexec and they can't take that away, uploads become less valuable. /etc is always going to be problematic. I've been experimenting to see if I can create a viable firewall config with a read-only root filesystem.

--lyndon