
List:       mandrake-cooker
Subject:    Re: [Cooker] Re: [cooker-commits] [svn-commit] r120338 - in packages/cooker/fail2ban/current: SOURCE
From:       Buchan Milne <bgmilne () mandriva ! org>
Date:       2007-02-15 11:32:14
Message-ID: 200702151332.14728.bgmilne () mandriva ! org


On Thursday 15 February 2007, Tomasz Paweł Gajc wrote:
> On Thursday, 15 February 2007, Per Øyvind Karlsen wrote:
> > Thursday 15 February 2007 00:35, Tomasz Paweł Gajc wrote:
> > > On Thursday, 15 February 2007, Per Øyvind Karlsen wrote:
> > > > Tuesday 13 February 2007 12:32, tpg wrote:
> > > > > +%attr(744,root,root) %{_initrddir}/%{name}
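Review bot: The mode in `%attr(744,root,root)` on the initscript line needs a justification or a change: 744 keeps the file readable by group and other and only removes their execute bit, so the script's contents are not hidden and the restriction has no stated purpose. Suggest `%attr(755,root,root)`, or a comment in the spec explaining why a non-default mode is wanted.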
> > > >
> > > > Users won't actually be able to run this even if executable, now will
> > > > they?
> > > >
> > > > No reason for such permissions..
> > >
> > > I just want to make sure that non-privileged users won't stop this
> > > service. I've noticed that others set 700 on initscripts, and no one
> > > shouts about it ;-)
> >
> > How will a regular user be able to kill other users' processes?
>
> Why should a regular user have the power to stop iptables? Just for an
> example.

Whether they have permission to run the script or not is irrelevant, since the 
kernel will not allow them to kill another user's process.

So, I think 755 is fine, as:
1) The user shouldn't need to be root to see what options there are
2) The user shouldn't in most cases need to be root to read the init script

Regards,
Buchan

-- 
Buchan Milne
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
