On Thu, Apr 9, 2009 at 02:58, Rainer Gerhards <[email protected]> wrote:
> the current default does not work well, but it is extremely restrictive. So

It's not that it doesn't work well, it honestly doesn't work at all.
A directory in UNIX without execute permissions is effectively
inaccessible to any non-root user, encouraging less-knowledgeable
admins to just run everything as root.

> Has anyone an opinion on that? And I'll probably go for the v4-only change if
> nobody convinces me that there is no security risk...

The only risk is that users originally granted permission to use a
directory may actually be allowed to do so.  If a user's data is
sufficiently sensitive that such a change would unacceptably expose
it, my bet is that they have already changed the permissions to
something even more restrictive.  I wouldn't suggest making the change
if it's the only one you need to make to v2, but if there are others
pending it would be a wise addition IMHO.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
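The point made in the reply above, that a directory whose mode grants read but not execute (search) permission cannot be entered by non-root users, can be checked across a log tree. This is an added example, not code from the thread or from rsyslog; the function names are hypothetical, and the modes used to exercise it are constructed samples.

```python
import os
import stat

# (class name, read bit, search/execute bit) for each permission class
CLASSES = (
    ("owner", stat.S_IRUSR, stat.S_IXUSR),
    ("group", stat.S_IRGRP, stat.S_IXGRP),
    ("other", stat.S_IROTH, stat.S_IXOTH),
)


def unsearchable_classes(mode):
    """Return the classes that a directory mode grants read but not search (x).

    Such a class can list the names in the directory but cannot open, stat
    or traverse anything inside it.
    """
    return [name for name, r, x in CLASSES if mode & r and not mode & x]


def audit_tree(root):
    """Return {path: (octal mode, [classes])} for every directory under root
    (root included) that grants read without search to at least one class."""
    findings = {}
    pending = [root]
    while pending:
        path = pending.pop()
        try:
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
        except OSError:
            continue  # we lack search permission on the parent ourselves
        if not stat.S_ISDIR(st.st_mode):
            continue
        classes = unsearchable_classes(st.st_mode)
        if classes:
            findings[path] = (oct(stat.S_IMODE(st.st_mode)), classes)
        try:
            pending.extend(os.path.join(path, n) for n in os.listdir(path))
        except OSError:
            pass  # directory not readable by the auditing user
    return findings


if __name__ == "__main__":
    import sys
    for path, (mode, classes) in sorted(audit_tree(sys.argv[1]).items()):
        print(f"{mode} {path}: read without search for {', '.join(classes)}")
```

Run it with the log directory as its argument; the audit reads mode bits only, so it reports the same directories whether or not it is run as root.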