Subject: Re: /var/cron -> /etc/cron
To: None <>
From: Greg A. Woods <>
List: current-users
Date: 04/11/1999 20:40:40
[ On Sunday, April 11, 1999 at 12:06:24 (+0200), Ignatios Souvatzis wrote: ]
> Subject: Re: /var/cron -> /etc/cron
> On Sat, Apr 10, 1999 at 03:39:42PM -0600, Chris Jones wrote:
> > Nah, just make the tabs directory mode 700.  If you can't get a file
> > descriptor on it, you can't edit it.
> Unless somebody implements open_by_inode(), maybe.

That would so totally break the Unix security model that you might as
well just give users read access to the raw disk!  ;-)

An open_by_inode() system call, if it ever comes to be, must be usable
only by the superuser, since the permissions on the actual target inode
are only a part of the security of the file.

Directories are not just for creating a hierarchical view -- they have
permissions and ownerships for a very good reason.

							Greg A. Woods

+1 416 218-0098      VE3TCP      <>      <robohack!woods>
Planix, Inc. <>; Secrets of the Weird <>