In message <200106050253.MAA12121@mallee.awadi>, Brett Lymn writes:
>According to Steven M. Bellovin:
>>
>> (well, /dev/wd0b is mode 640, which is probably a mistake -- 
>>though anyone with operator privs can read any other private file on 
>>the system, though not modify it).
>>
>
>Depends on what you mean by mistake ;-) The device is RO for operator
>so that the operator can perform backups of the system without needing
>root privileges.  That, at least, is the intent.  Whether or not that
>is a valid design is something different.

I (mostly) agree with 640 for most partitions; my comment was about 
that mode for the swap area, which isn't backed up.


		--Steve Bellovin, http://www.research.att.com/~smb