"fpolacco" == fpolacco <[EMAIL PROTECTED]> writes: >> On Sun, 15 Feb 1998 [EMAIL PROTECTED] wrote: >> > Therefore I think that it is better to leave them mode 444 so a user >> > (educated by Slackware) will find little more difficult to modify them >> > (mode 444 should make him think that that file shouldn't be modifyed)
> Our policy already say "don't edit that file"; leaving it mode 444 is a > way to assert the current policy. Actually: [From Policy Manual 2.4.0.0 Section 3.3.8] | The rules in this section are guidelines for general use. If necessary | you may deviate from the details below. However, if you do so you must | make sure that what is done is secure and you must try to be as | consistent as possible with the rest of the system. You should | probably also discuss it on debian-devel first. | Files should be owned by root.root, and made writable only by the | owner and universally readable (and executable, if appropriate). I think we might add a clause like so: In some cases, packagers may wish to indicate explicitly that the file is not meant for writing, and therefore set the file to be non-writable even for the owner (i.e., mode 0444). An example of this are the files in /usr/X11R6/lib/X11/app-defaults. Kinda a hair-splitter here though. .....A. P. [EMAIL PROTECTED]<URL:http://www.onShore.com/>
