Re: s6-applyuidgid mode 0700

From: Laurent Bercot <ska-skaware_at_skarnet.org>
Date: Sun, 09 Jan 2022 10:30:54 +0000

>Since each of these functions already enforces guardrails required to keep the OS safe, what is the motivation to have the mode set to 0700 instead of the more permissive 0755 ?

  As you said, it would do no good for normal users to run these
programs, so there's no point in giving them the necessary permissions.
To me it serves as useful metadata: "this binary is only meant to be
used by root" - permissions on the binary itself have always felt like
a better indicator to me than location in /bin or /sbin.

--
  Laurent
Received on Sun Jan 09 2022 - 11:30:54 CET

This archive was generated by hypermail 2.4.0 : Sun Jan 09 2022 - 11:31:24 CET