Packages are usually installed from a package manager. It's also why /usr and even /sbin are sometimes separate partitions - a particularly security conscious admin can mount those partitions readonly and remount them read/write when an install/uninstall needs to happen. UNIX, and Linux, being a multiuser system from much earlier on, had the tendency to separate executable directories from other directories much earlier, since there was a need to prevent users other than root from modifying installed binaries. With the advent of Vista and UAC annoyances, this tradition is finally starting to seriously lose traction. Similarly library directories which may be updated separately from main executables should also be in a separate directory. That way it's easier to apply appropriate file permissions to prevent modification of installed binaries by unauthorized users. Places where executable code lives should be separated from modifiable data. This is derived from how programs were usually installed and ran under single-user, non-networked, non-file-permission DOS.įrom a security standpoint, this is a bad idea. Under Windows, particularly older versions, it was common for programs to store configuration files and non-constant data in their C:\Program Files directory.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |