Apparently, though unproven, at 23:01 on Saturday 11 September 2010, Nikos Chantziaras did opine thusly:
> On 09/11/2010 11:49 PM, Dale wrote:
> > Nikos Chantziaras wrote:
> >> On 09/11/2010 11:35 PM, Dale wrote:
> >>> Alan McKinnon wrote:
> >>>> Apparently, though unproven, at 11:46 on Saturday 11 September 2010,
> >>>> Albert Hopkins did opine thusly:
> >>>>> On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote:
> >>>>>> few months ago, I read linux kernel in a nutschell(sic), and the
> >>>>>> author wrote we shouldn't do kernel operations (config and build)
> >>>>>> as root.
> >>>>>
> >>>>> I call bullsh*t. I've been compiling kernels for 17 years and for the
> >>>>> most part have done it as root without any problems.
> >>>>
> >>>> Same here.
> >>>>
> >>>> The root user (sometimes portage) creates /usr/src/linux-*
> >>>>
> >>>> Someone tell me again exactly how user alan is supposed to build those
> >>>> sources?
> >>>
> >>> If they are accessible by a user, couldn't a user then edit or add
> >>> something that would then cause a security problem? If they can edit
> >>> them and no one knows it, then root comes along and builds a shiny new
> >>> kernel with a really nice security hole.
> >>>
> >>> Glad only root can get to the sources. ;-)
> >>
> >> No, any user can't edit them; only the user you assign the files to.
> >> If you assign them to root, only root can edit them. If you assign
> >> them to kerneluser, only kerneluser can edit them.
> >>
> >> This is Unix 101 :)
> >
> > My point was, if the sources are say in the user group, then any user
> > can edit them? Right now, they are in the root group and owned by root
> > which for security reasons is a good idea. That way a regular user can't
> > edit or modify the kernel sources.
>
> The group can only write if the files have the group write permission
> set. Still in Unix 101 domain, hehe :)

And you need write permission on the containing directory to create new files or delete existing ones. Nothing to do with the permissions on the file itself.

With this, I have moved us on to Unix 101a :-)

-- 
alan dot mckinnon at gmail dot com
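
The distinction drawn in the thread (a file's write bits decide who can edit it, the containing directory's write bits decide who can create, delete or replace entries) as an added example that is not part of the original messages: a POSIX shell audit of a source tree's ownership and mode bits. The function names, finding labels and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). It reads ownership and mode bits only,
# so the findings are the same whether it runs as root or as an ordinary user.

# audit_tree DIR OWNER
# Prints one finding per line for paths under DIR:
#   NOT-OWNER     owned by someone other than OWNER (name or numeric uid)
#   FILE-WRITABLE regular file with the group or other write bit set
#   DIR-WRITABLE  directory writable by group or other: entries can be created,
#                 deleted or replaced there whatever the modes of the files
#   DIR-STICKY    as above, but the sticky bit limits removal to entry owners
audit_tree() {
    tree=$1
    owner=$2
    find "$tree" ! -user "$owner" -exec printf 'NOT-OWNER %s\n' {} +
    find "$tree" -type f \( -perm -020 -o -perm -002 \) \
        -exec printf 'FILE-WRITABLE %s\n' {} +
    find "$tree" -type d \( -perm -020 -o -perm -002 \) ! -perm -1000 \
        -exec printf 'DIR-WRITABLE %s\n' {} +
    find "$tree" -type d \( -perm -020 -o -perm -002 \) -perm -1000 \
        -exec printf 'DIR-STICKY %s\n' {} +
}

# make_sample_tree: builds a constructed tree in a temp dir, prints its path.
make_sample_tree() {
    top=$(mktemp -d) || return 1
    mkdir -p "$top/src/drop" "$top/src/scratch"
    : > "$top/src/main.c";    chmod 644 "$top/src/main.c"
    : > "$top/src/shared.c";  chmod 664 "$top/src/shared.c"   # group can edit
    : > "$top/src/drop/ro.c"; chmod 444 "$top/src/drop/ro.c"  # read-only file...
    chmod 775 "$top/src/drop"       # ...inside a directory the group can write
    chmod 1777 "$top/src/scratch"   # world-writable with the sticky bit
    chmod 755 "$top/src"
    printf '%s\n' "$top/src"
}

# Audit the constructed tree against the current uid, then clean up.
if sample=$(make_sample_tree); then
    audit_tree "$sample" "$(id -u)"
    rm -rf "${sample%/src}"
fi
```

The read-only `ro.c` is never reported as a file, yet its directory is: anyone in that group can unlink it and drop a replacement in its place.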