in reply to "safe" perl cron environment?

The only way to do this would be to use capabilities to eliminate root's special priviledges. If you are really paranoid, you might want to investigate encrypting the file system with the scripts and only mounting the file system after the capabilities have kicked in. The main question I have is why are you trying to prevent root from gaining access to the scripts. Are you running on an unprotected machine? Do you not trust your system administrators? Here are some things to think about: people with root access usually have physical access to the machine. If they want to, they can reboot the machine and run anything, completely bypassing any protection.

Replies are listed 'Best First'.
Re: Re: "safe" perl cron environment?
by jhanna (Scribe) on Dec 02, 2002 at 18:41 UTC
    The main question I have is why are you trying to prevent root from gaining access to the scripts. Are you running on an unprotected machine?
    No, I'm trying to protect the machine in the best possible ways.

    Do you not trust your system administrators?
    I 85% trust my system admin.... It's the 15% I worry about. :-)

    Here are some things to think about: people with root access usually have physical access to the machine. If they want to, they can reboot the machine and run anything, completely bypassing any protection.
    That's true. And if they did that I'd probably know about it. It's possible, but I'm more worried about a remote root vulnerability. Still, if by using ACLs or encrypted file systems I could make that difficult, it would be worth some effort.

[reply]

In Section Seekers of Perl Wisdom