What is a "user", other than an application running under a specific (e)uid
and (e)gid? Many user-run applications create and access files in /tmp, and
will not work without access to /tmp. Even legitimate user-run shell
scripts create and access files in /tmp.
So, you intend to all all shell users? If not, then you break some user's
legitimate use of applications.
By enabling the sticky bit on the /tmp directory, you ensure that only the
descendant file's owning uid can delete or rename the file.
Yes. Generally, the steps you are taking to "secure" your system will,
instead, break it. You /really/ need to learn how to administer your system
before you start "optimizing" or "securing" it.
I recommend that you at least read
- "Operating Systems - Design and Implementation"
by Andrew Tanenbaum and Albert Woodhull
- "Linux in a Nutshell"
by Ellen Siever, Stephen Figgins & Aaron Weber
- "Linux Security Cookbook"
by Daniel Barrett, Richard Silverman & Robert Byrnes
- "Building Secure Servers with Linux"
by Michael Bauer
and look into taking a /good/ course in Unix system administration at your
local college first.
Master Codewright & JOAT-in-training | Registered Linux User #112576
| GPG public key available by request
---------- Slackware - Because I know what I'm doing. ------