On Fri, 7 Jul 2023, Reindl Harald wrote:
/usr is package terriotory and MUST NOT BE owned by anybody than root and
read-only for the world
just give common sense another few seconds!
only the files/folders which are supposed to be written by any deamon should
be writeable for the user the daemnon is running with
you don't want an exploit happening somewhere in teh filter chain modify your
binaries/scripts
OF COURSE!
For me, THE key questions have to do with the learning aspect (and maybe
logging): What's the directory that, for example, sa-learn has to write
into? ... Again, pointers would be nice - it's not like I was planning to
spend my day doing this; I have a customer visit planned that's coming up
soon! I just don't have much time!
Richard
