From: Alan McKinnon
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: sudo in kernel config ?
Date: Sat, 11 Sep 2010 23:30:57 +0200
Message-Id: <201009112330.57213.alan.mckinnon@gmail.com>

Apparently, though unproven, at 23:01 on Saturday 11 September 2010, Nikos
Chantziaras did opine thusly:

> On 09/11/2010 11:49 PM, Dale wrote:
> > Nikos Chantziaras wrote:
> >> On 09/11/2010 11:35 PM, Dale wrote:
> >>> Alan McKinnon wrote:
> >>>> Apparently, though unproven, at 11:46 on Saturday 11 September 2010,
> >>>> Albert Hopkins did opine thusly:
> >>>>> On Sat, 2010-09-11 at 10:24 +0200, Stéphane Guedon wrote:
> >>>>>> few months ago, I read linux kernel in a nutschell(sic), and the
> >>>>>> author wrote we shouldn't do kernel operations (config and build)
> >>>>>> as root.
> >>>>>
> >>>>> I call bullsh*t. I've been compiling kernels for 17 years and for the
> >>>>> most part have done it as root without any problems.
> >>>>
> >>>> Same here.
> >>>>
> >>>> The root user (sometimes portage) creates /usr/src/linux-*
> >>>>
> >>>> Someone tell me again exactly how user alan is supposed to build those
> >>>> sources?
> >>>
> >>> If they are accessible by a user, couldn't a user then edit or add
> >>> something that would then cause a security problem? If they can edit
> >>> them and no one knows it, then root comes along and builds a shiny new
> >>> kernel with a really nice security hole.
> >>>
> >>> Glad only root can get to the sources. ;-)
> >>
> >> No, any user can't edit them; only the user you assign the files to.
> >> If you assign them to root, only root can edit them. If you assign
> >> them to kerneluser, only kerneluser can edit them.
> >>
> >> This is Unix 101 :)
> >
> > My point was, if the sources are say in the user group, then any user
> > can edit them? Right now, they are in the root group and owned by root
> > which for security reasons is a good idea. That way a regular user can't
> > edit or modify the kernel sources.
>
> The group can only write if the files have the group write permission
> set. Still in Unix 101 domain, hehe :)

And you need write permission on the containing directory to create new files
or delete existing ones. Nothing to do with the permissions on the file
itself.

With this, I have moved us on to Unix 101a :-)

-- 
alan dot mckinnon at gmail dot com
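
The permission points made in this thread can be turned into a check to run before building as root. This is an added example, not part of the original message: the function names and the sample tree are constructed for illustration. It flags files and directories that someone other than the expected owner could modify, and shows why directories are included in the audit.

```shell
#!/bin/sh
# Added example: audit a source tree for paths that someone other than the
# expected owner could modify. Directories matter as much as files, because
# write permission on a directory allows creating, deleting and renaming
# entries regardless of the mode of the files inside it.

# audit_tree DIR OWNER: print every file or directory under DIR that is not
# owned by OWNER (name or numeric uid), or is group- or world-writable.
# Symlinks are skipped because their own mode bits are not meaningful.
audit_tree() {
    find "$1" ! -type l \( ! -user "$2" -o -perm -020 -o -perm -002 \) -print |
        LC_ALL=C sort
}

# replace_readonly DIR NAME: show that a mode-0444 file can be swapped out
# by anyone with write permission on DIR. Prints the file's new content.
replace_readonly() {
    printf 'tampered\n' > "$1/.new.$$"
    mv -f "$1/.new.$$" "$1/$2"    # rename needs directory write only
    cat "$1/$2"
}

# build_sample: create a constructed sample tree (not a real kernel tree)
# and print its location.
build_sample() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/linux/kernel" "$t/linux/drivers"
    printf 'original\n' > "$t/linux/kernel/sched.c"
    printf 'original\n' > "$t/linux/drivers/net.c"
    printf 'original\n' > "$t/linux/Makefile"
    chmod 0755 "$t/linux" "$t/linux/kernel"
    chmod 0444 "$t/linux/kernel/sched.c" "$t/linux/drivers/net.c"
    chmod 0664 "$t/linux/Makefile"    # group-writable file
    chmod 0775 "$t/linux/drivers"     # group-writable directory
    printf '%s\n' "$t"
}
```

On a real system the call would be `audit_tree /usr/src/linux root`; any output is a path that a non-root account may be able to change before root runs the build.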