On Sat, 7 Aug 1999, Darren Reed wrote: > In some mail from Tim Fletcher, sie said: > > > > > I think I defeated myself in trying to explain the implementation I was > > > trying to describe. For each user, when they login, a virtual /tmp is > > > created and that is shared between all sessions that user has. This is > > > setup at login time and is carried forth to all children, root or not, > > > and cannot be reset (somewhat akin to chroot) unless devious methods are > > > employed (i.e. write to /dev/mem). > > > > > > So if I have 10 logins to host foo, each login sees the same /tmp, even > > > the root shells I generate via su/sudo in half. If I login as root, I > > > don't have the same /tmp (I get a different one). cron/at jobs would > > > be no different. So the `real' /tmp could even be 755 root.wheel. > > > > Although it does rather cripple /tmp in another way: That of sharing > > information between users. If I tell another user that the file s/he wants > > is in /tmp (as my /home/tim dir is 711 with most files 600) I don't have > > to mess with file perms and s/he doesn't have to get the exact right name > > to read the file. > > Why do they need to access your home dir ? You're making assumptions > which you probably shouldn't... > I think perhaps you misread what he was saying. He's not saying that he wants another user to have access to his /home dir. He is, however, saying that a common /tmp makes it possible for him to share files with another user without compromising his own security. If /tmp was assigned on a per-user basis, he would be unable to use the /tmp directory in that fashion. --- Doug Harple / Community Connect dharpleat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:55:50 PDT