On 7/18/23 14:52, Ralf Mardorf wrote: ...
if the cat paws at the keyboard, it doesn't need root privileges, it can execute "rm /path/unified_kernel_image" with the cat's user privileges?
I think that non-root can only do that if mounted uid=<user>. So, as far as cat-safe filesystem, isn't it no different for fat32, ext4 or btrfs?

E.g. On my system here I get cat denied :)

as root:

    # findmnt -t vfat /efi0
    TARGET SOURCE    FSTYPE OPTIONS
    /efi0  /dev/sda1 vfat   ...

    # ls -l /efi0/foo
    0 -rwxr-xr-x 1 root root 0 Jul 18 15:06 /efi0/foo*

As user kitty:

    $ rm -iv /efi0/foo
    rm: remove write-protected regular empty file '/efi0/foo'? y
    rm: cannot remove '/efi0/foo': Permission denied

    $ ls -l /efi0/foo
    0 -rwxr-xr-x 1 root root 0 Jul 18 15:06 /efi0/foo*
...I would also like to avoid fat as much as possible ... out of principle.
understood.
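
Added example, not part of the original message: a shell check that decides from a vfat mount's option string whether a given user could delete entries in the mount's root directory, which is the uid=<user> point made above. The function name and the sample option strings are constructed for illustration; it assumes dmask falls back to umask= and then to 0022, and it compares only the primary gid.

```shell
#!/bin/sh
# vfat has no on-disk owners: the kernel synthesizes them from uid=, gid=
# and the umask=/dmask= mount options. Deleting a file needs write+search
# permission on the containing directory, so the directory mask decides.

# vfat_can_unlink OPTIONS USER_UID USER_GID -> exit status 0 if delete is allowed
vfat_can_unlink() {
    opts=$1 who_uid=$2 who_gid=$3
    m_uid=0 m_gid=0 umask_opt= dmask_opt= readonly_fs=no

    old_ifs=$IFS; IFS=,
    for o in $opts; do
        case $o in
            ro)      readonly_fs=yes ;;
            uid=*)   m_uid=${o#uid=} ;;
            gid=*)   m_gid=${o#gid=} ;;
            umask=*) umask_opt=${o#umask=} ;;
            dmask=*) dmask_opt=${o#dmask=} ;;
        esac
    done
    IFS=$old_ifs

    [ "$readonly_fs" = yes ] && return 1   # nobody deletes on a read-only mount
    [ "$who_uid" -eq 0 ] && return 0       # root bypasses the mode bits

    # Assumption: default mask 0022 when neither dmask= nor umask= is listed.
    mask=${dmask_opt:-${umask_opt:-0022}}
    dir_mode=$(( 0777 ^ (0$mask & 0777) ))

    if   [ "$who_uid" -eq "$m_uid" ]; then need=$(( 0300 ))   # owner w+x
    elif [ "$who_gid" -eq "$m_gid" ]; then need=$(( 0030 ))   # group w+x
    else                                   need=$(( 0003 ))   # other w+x
    fi
    [ $(( dir_mode & need )) -eq "$need" ]
}

# Constructed option strings, shaped like `findmnt -no OPTIONS <target>` output.
for sample in \
    "rw,relatime,fmask=0022,dmask=0022" \
    "rw,relatime,uid=1000,gid=1000,fmask=0022,dmask=0022" \
    "rw,relatime,fmask=0000,dmask=0000"
do
    if vfat_can_unlink "$sample" 1000 1000; then verdict="can delete"
    else verdict="denied"; fi
    printf '%-55s uid 1000: %s\n' "$sample" "$verdict"
done
```

On a live system the option string can be fed in with `findmnt -no OPTIONS /efi0`, using the mount point from the message above.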