On 22 February 2015 at 18:06, Gordon Pettey <petteyg...@gmail.com> wrote:
> Protect the permissions on the files, not the editors - there's always
> another way to get content into a file if you have write permission to it.
> If you try to do that with a g+xo-x, then you're going to have to do the
> same for every single command that can put output in a file (sed, curl,
> wget, heck, anything that can be piped, every shell), and then your system
> doesn't even need users anymore, because no user can do anything at all for
> fear they might write to a file!

Indeed, which is why I think Ulrich may have been joking =).

Though conceptually it's a useful question, because Gentoo are not going to anticipate all the security strictures a user is likely to want.

For instance, perhaps a sysadmin simply wants to lock up GCC and make, having a straightforward way to do that in bashrc would help them achieve that, without them having to dish out a full ACL/LDAP setup, and without then needing to retouch the perms manually every install.

And that would be preferable IMO to a system-wide proliferation of USE flags to regulate such a thing.

--
Kent

*KENTNL* - https://metacpan.org/author/KENTNL