From owner-freebsd-current Mon Feb 21 1:50:37 2000
Date: Mon, 21 Feb 2000 10:46:46 +0100 (CET)
From: Oliver Brandmueller
Subject: Re: Installing linux_base 6.1
To: Sheldon Hearn
Cc: freebsd-current@FreeBSD.ORG
In-Reply-To: <45529.951123142@axl.noc.iafrica.com>

Hi,

On 21 Feb, Sheldon Hearn wrote:
>> I would be opposed to this for security reasons. The last thing I
>> want to see are /usr/local versions of /etc/ files related to security.
>
> Could you explain _why_? Is this just a matter of taste, or is there a
> concrete security concern in play?

Securing one directory is much simpler than securing two directories.
And making /etc secure in times when you sometimes simply don't want
users to fetch a userlist from your password file is hard enough. I
wouldn't like to deal with two directories in that matter.

Having /etc mounted read-only can be OK in many cases, but also
mounting /usr/local/etc read-only would make life much more difficult,
as you have to remount it read-write for most simple add-on software or
for fiddling in your local configuration.

So I agree not to have security-related files in /usr/local.

Bye, Oliver