[grsec] effective dual roles / suggested enhancements

[David Cannings]

jnf wrote:
> /home/*/.bash_history               rac
> 
> Wouldn't that give everyone in the group read/append/create access to
> everyone elses home directories? I think I am misunderstanding something
> there.

Remember that normal DAC permissions still apply, grsecurity only takes
away.  Therefore, if possible, simply remove all permissions except for
the user, e.g. home directories with mode 0700.

David