RFC: Remove write permissions from executables
Garrett Holmstrom
gholms at fedoraproject.org
Mon Jan 25 20:48:44 UTC 2010
On Mon, Jan 25, 2010 at 11:54 AM, Till Maas <opensource at till.name> wrote:
> On Mon, Jan 25, 2010 at 12:45:26PM -0500, Mike McLean wrote:
>
>> Furthermore, when the user is root, the 0555 mode will not prevent
>> writing as it would for normal users.
>
> It does not matter, whether the user is root, but whether he has the
> dac_override capability. If you read the original mail (1st paragraph)
> again with this in mind, you will understand the reason for the change.
Does a lack of the dac_override capability prevent root from chmod'ing
its own files?
--
Garrett Holmstrom
More information about the devel
mailing list