[tex-live] updmap and /

Reinhard Kotucha reinhard.kotucha at web.de
Mon Mar 2 00:47:39 CET 2009

On 1 March 2009 Heiko Oberdiek wrote:

 > On Sun, Mar 01, 2009 at 06:21:35PM +0100, Lars Madsen wrote:
 > > I'm trying to figure out why our system is set like this, not
 > > sure if it is own own installation script or if it is redhat.
 > Perhaps a "security feature", 

Please note the quotes. :)

 > it makes life for unauthorized access a little harder.

Maybe a little bit.  Only very few files have to be kept secret on a
typical UNIX system.  It doesn't make sense to be too paranoid.

Some time ago I did this (as root):

  chmod 700 /home/*

Looks reasonable at a first glance, right?  But it didn't work.

One of the reasons the most critical programs (Postfix, Apache,...)
are so secure is that these programs do most of their work as
unprivileged users rather than with root permissions.  

So, what's wrong with "chmod 700 /home/*"?

If the /home/* directories are not executable by everyone, then Apache
is not able to access the /home/*/public_html files.

It doesn't make sense to be too restrictive.  And paranoia is a
medical condition rather than an instrument to achieve security.


Reinhard Kotucha			              Phone: +49-511-3373112
Marschnerstr. 25
D-30167 Hannover	                      mailto:reinhard.kotucha at web.de
Microsoft isn't the answer. Microsoft is the question, and the answer is NO.

More information about the tex-live mailing list