[geeks] I love it when software gets more efficient

Michael Parson mparson at bl.org
Thu Sep 14 16:59:33 CDT 2006


On Thu, Sep 14, 2006 at 05:38:40PM -0400, Charles Shannon Hendrix wrote:
> Thu, 14 Sep 2006 @ 00:44 -0700, William Kirkland said:

<snip>

>> ... and one user will defeat this by installing a private copy of  
>> some software, that has a specific behavior you have removed, then  
>> show his buddies ...
>
> You can stop users from doing this.  If they don't have root, they can't
> install it in system areas.
>
> If they try to install it in user and data areas they have access too,
> that's solved by removing the execute option from those paths.
>
> You really should do that anyway, since there is no reason to be able to
> execute outside of your application paths anyway.

Users should not have the ability to isntall binaries or scripts in
their home directory?  Even before I got my first root access, I kept
a personal $HOME/bin in my path where I put stupid little programs
and scripts that help me get things done.  It's not like I'm running
a personal mysql and apache setup out of there, but I don't see that
I would ever remove execute perms from /home, maybe nosuid, but not
noexec.

-- 
Michael Parson
mparson at bl.org



More information about the geeks mailing list