007
is a pretty ideal permission scheme for a spy, though: Deny access to owner & group; let some 3rd party do whatever he likes.
Deny access to owner & group; let some 3rd party do whatever he likes
I believe thats called the honey pot
First thing to do if you need a functioning server
Unless you're a security guy and get off on people not being able to do their jobs due to Access Denied
Recently, I learned of the concept of "Linux capabilities". And yeah, as much as I enjoy reading up on these things, the whole time I was thinking, if something's fucky with these capabilities, I'll never remember to check them...
Funfact: if you want to run for example HTTP server, you can run it with CAP_NET_BIND_SERVICE and no_new_priv.