Re: s6-applyuidgid mode 0700

From: Johannes Nixdorf <mixi_at_shadowice.org>
Date: Sun, 9 Jan 2022 16:13:12 +0100

On Sun, Jan 09, 2022 at 10:30:54AM +0000, Laurent Bercot wrote:
> > Since each of these functions already enforces guardrails required
> > to keep the OS safe, what is the motivation to have the mode set to
> > 0700 instead of the more permissive 0755 ?
>
> As you said, it would do no good for normal users to run these
> programs, so there's no point in giving them the necessary permissions.
> To me it serves as useful metadata: "this binary is only meant to be
> used by root" - permissions on the binary itself have always felt like
> a better indicator to me than location in /bin or /sbin.
Received on Sun Jan 09 2022 - 16:13:12 CET

This archive was generated by hypermail 2.4.0 : Sun Jan 09 2022 - 16:13:46 CET