>
> Normally yes, but there is no reason a regular user can't look at
> them. The only restrictions should be for install/remove in the system
> locations.
Does a user need world-executable access these scripts to look?
"First create a script to reformat a certificate into a form needed
by openssl."
"The following script creates the certificates and a bundle of all the
certificates. It creates a ./certs directory and ./BLFS-ca-bundle-
${VERSION}.crt."
"Add a short script to remove expired certificates from a directory."
It doesn't sound like it to me? It appears a user might make her/his
own certificate bundle with the second script, but are those like
private key-rings? I'm under the impression from Wikipedia that there
are only a handful of trustworthy authorities, the one we're installing
certificates of. If I let a user install a bogus certificate from an
untrustworthy "authority", am I not inviting attacks on the system? So
I ask again, is there something I lose if I put them in /usr/sbin and
only owner/root executable?
--
Paul Rogers
paulgrog...@fastmail.fm
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)
--
http://www.fastmail.com - Send your email first class
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
