On Thu, Jun 29, 2017 at 10:18:26AM -0400, Anthony de Boer via talk wrote: > Lennart Sorensen wrote: > > On Wed, Jun 28, 2017 at 07:21:55PM -0400, Anthony de Boer via talk wrote: > > > Many years ago a coworker tried "chmod 700" on /etc etc, and chmod 600 on > > > many key files, the upshot of which was that everything on the "secured" > > > firewall had to run as root and it ended up less secure. > > > > And 711 is no better. 744 might work OK though. > > You mean "OK" in the "OK if you want to really torque nonroot users > off" sense, right? > > Just for fun, try "chmod 744 /etc" in a root shell, then "ls -la /etc" > from a nonroot shell. Then change it back to 755 and deal with any other > users wondering why the machine did a weird there. (For extra points, do > this on a nonshared machine!) > > Things like ls get really confused if they can see that the files are > there but can't even stat them let alone any other access. Users > staring at all that STDERR don't fare much better.
I find accidentally changing permissions on /tmp a much better way to get people confused and annoyed at you. -- Len Sorensen --- Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk