On Sun, Dec 17, 2006 at 01:10:30PM +0000, Brad Rogers wrote: > On Sun, 17 Dec 2006 04:56:30 -0800 > Freddy Freeloader <[EMAIL PROTECTED]> wrote: > > Hello Freddy, > > > all aspects of the tools available, but all users still have execute > > permissions there. > > Why is this done? I can't really see a good reason for it. What am > > I missing? > > I can't answer your query as such. However, you are aware, I hope, > that not all users have /sbin in their $PATH? So, even though all > users have execute permission, not all users can get at the directory, > anyway. >
You don't need a program in your path to execute it. Check out the debian-policy manual and the harden-doc package. This is addressed somewhere I just can't remember where. It made sense whatever it was. I think it has to do with the ability to do something with a command is determined other than by who can execute the command. Thus anyone can run cfdisk on a drive and see the partition table, but only users in group disk can do anything with it. Such fine-grained control would be impossible if it only relied on execute permissions. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
