More PATH fallout. Who decided this was a good idea?

Chris Adams cmadams at
Sat Dec 6 06:26:32 UTC 2008

Once upon a time, Seth Vidal <skvidal at> said:
> And do we seriously think we can keep the code away from a non-root user 
> by chmodd'ing the binaries? A user can get a binary for anything 
> fedora can install in about 30s w/firefox.

The same really applies to RHEL, except it might take a few minutes.
There's not much reason for any file that isn't intended to be modified
(e.g. included in an RPM and not marked %config) to be "protected".

I opened a bug (441495) about BIND permissions (in RHEL 5 specifically
but Fedora as well) a while back, because the restricted permissions are
even stupider there; it is possible to allow a non-root user to use rndc
with permissions on the rndc config file, but RHEL/Fedora distribute
rndc owned root:root perms 0750.

Chris Adams <cmadams at>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

More information about the fedora-devel-list mailing list