On 11/18/2008 09:59 PM, Nifty Fedora Mitch wrote:
Basically, I agree. Backing up as root is fine, as long as the backup procedure maintains the proper ownership and permissions. On home systems, I personally prefer to backup my home directory myself and manage my crontab, but that could be done just as easily by root.Backing up those (system) files that a user can just read in the normal set of events is not a security issue. The serious risk is on the restore side of things. For example /etc/passwd needs to be +read for the world by contrast /etc/shadow cannot be read.Interpreted programs -- bash, perl, python must be +read! Note that the run time load/linker must read information from binary objects.In fact it must do a bit of editing -- see also prelink. It might be possible to add attributes to each section of an object(see objdump) such that specific read write bits and security attributes exist and are enforced per section (I do not recommend such an RFE).There may be an issue if software is purchased and unauthorized copies leave the building but that is a different component of security.
-- Jerry Feldman <gaf blu org> Boston Linux and Unix PGP key id: 537C5846 PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846
Description: OpenPGP digital signature