[geeks] I love it when software gets more efficient
Michael Parson
mparson at bl.org
Thu Sep 14 16:59:33 CDT 2006
On Thu, Sep 14, 2006 at 05:38:40PM -0400, Charles Shannon Hendrix wrote:
> Thu, 14 Sep 2006 @ 00:44 -0700, William Kirkland said:
<snip>
>> ... and one user will defeat this by installing a private copy of
>> some software, that has a specific behavior you have removed, then
>> show his buddies ...
>
> You can stop users from doing this. If they don't have root, they can't
> install it in system areas.
>
> If they try to install it in user and data areas they have access too,
> that's solved by removing the execute option from those paths.
>
> You really should do that anyway, since there is no reason to be able to
> execute outside of your application paths anyway.
Users should not have the ability to isntall binaries or scripts in
their home directory? Even before I got my first root access, I kept
a personal $HOME/bin in my path where I put stupid little programs
and scripts that help me get things done. It's not like I'm running
a personal mysql and apache setup out of there, but I don't see that
I would ever remove execute perms from /home, maybe nosuid, but not
noexec.
--
Michael Parson
mparson at bl.org
More information about the geeks
mailing list