> > Normally yes, but there is no reason a regular user can't look at > them. The only restrictions should be for install/remove in the system > locations.
Does a user need world-executable access these scripts to look? "First create a script to reformat a certificate into a form needed by openssl." "The following script creates the certificates and a bundle of all the certificates. It creates a ./certs directory and ./BLFS-ca-bundle- ${VERSION}.crt." "Add a short script to remove expired certificates from a directory." It doesn't sound like it to me? It appears a user might make her/his own certificate bundle with the second script, but are those like private key-rings? I'm under the impression from Wikipedia that there are only a handful of trustworthy authorities, the one we're installing certificates of. If I let a user install a bogus certificate from an untrustworthy "authority", am I not inviting attacks on the system? So I ask again, is there something I lose if I put them in /usr/sbin and only owner/root executable? -- Paul Rogers paulgrog...@fastmail.fm Rogers' Second Law: "Everything you do communicates." (I do not personally endorse any additions after this line. TANSTAAFL :-) -- http://www.fastmail.com - Send your email first class -- http://lists.linuxfromscratch.org/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page