• 1 Post
  • 817 Comments
Joined 2 years ago
cake
Cake day: June 12th, 2023

help-circle


  • Short answer: yes.

    One of the tenets of security is that a user or process should have only enough access to do what it needs, and then no more. So your web server, your user account, to your mail server, should have exactly what they need, and usually that’s been intricately planned by the distro.

    If you subvert it you could be writing files as root that www-data now can’t read or write. This kind of error is sometimes obvious and sometimes very subtle.

    Especially if you’re new to this different access model, tread carefully.

    Great news! If you need it up, many distros are really great at allowing you cm to compare permissions and reset them. The bad news is that maybe you’re not on one of those. But you could be okay.






  • # rpm -Vp https://download.rockylinux.org/pub/rocky/9/BaseOS/x86_64/os/Packages/n/net-tools-2.0-0.64.20160912git.el9.x86_64.rpm

    Oh. Glad to know every part of that package is absolutely as delivered, and signatures are clean in a chain from the distro’s published keys down to the checksums on every file deployed.

    Yes, this has saved my bacon. Yes, this has absolutely shut some distros out of consideration.