[2016-12-22 14:21] Antoine Beaupré <anar...@debian.org> > > part text/plain 981 > On 2016-12-21 22:56:06, Dmitry Bogatov wrote: > > [2016-12-20 22:10] Russ Allbery <r...@debian.org> > >> Hm, transient IDs is an interesting idea. In a lot of cases, we create a > >> system user just to isolate the running daemon, not to control file system > >> access. The drawback, though, is that one has to have a really clear idea > >> of what resources the process would need in order to make sure this is > >> safe. (A much clearer idea than the understanding we need to know when > >> it's safe to delete a system user, I think.) > > > > You just gave me good idea. What about not removing $HOME, but chowning > > it to root? I mean, on install we create user and if its $HOME already > > exists, just chown it. > > You would need to check for suid binaries, among other traps.
Good catch. Then chowning is no better then removing. -- X-Web-Site: https://sinsekvu.github.io | Note that I process my email in batch, Accept-Languages: eo,ru,en | at most once every 24 hours. If matter Accept: text/plain, text/x-diff | is urgent, you have my phone number.
pgpTPosXCfeLQ.pgp
Description: PGP signature