-> > And if nosuid is -> > a good thing for this system, can it be implemented for the -> > /home directories only, without doing it for the whole / directory? -> -> Being that nosuid is a mount option, this would be quite easy to do if -> your /home was a separate partition, which I assume it is not.
/ should NOT be mounted nosuid. but you can mount filesystems as /tmp /home and /var as noexec (the only problem will be with /var/lib/dpkg where dpkg unpacks preinstall and postinstall scripts) -- Matus "fantomas" Uhlar, sysadmin at NEXTRA, Slovakia; IRC admin of *.sk [EMAIL PROTECTED]; http://www.fantomas.sk/; http://www.nextra.sk/ LSD will make your ECS screen display 16.7 million colors