Miscellaneous Settings

Other security settings that don't fit the above-mentioned categories are listed here:

File Permissions

openSUSE comes with three predefined sets of file permissions for system files. These permission sets define whether a regular user may read log files or start certain programs. Easy file permissions are suitable for standalone machines. This settings allows regular users, for example, to read most system files. See the file /etc/permissions.easy for the complete configuration. The Secure file permissions are designed for multi-user machines with network access. A thorough explanation of these settings can be found in /etc/permissions.secure. The Paranoid settings are the most restrictive ones and should be used with care. See /etc/permissions.secure for more information.

User Launching updatedb

The program updatedb scans the system and creates a database of all file locations which can be queried with the command locate. When updatedb is run as user nobody, only world-readable files will be added to the database. When run as user root, almost all files (except the ones root is not allowed to read) will be added.

Current Directory in root's Path / Current Directory in Path of Regular Users

Whenever a program is called without specifying the full path to the executable, the system looks in the user's search path (defined by the variable $PATH) for the executable. By default the current directory is not added to the search path. This setting ensures that, for example, /bin/ls and not the trojan horse /current directory/ls is executed when entering ls. In order to start a program in the current directory the command must be prefixed with ./. When activating these options, the current directory (.) is appended to the search path. It is recommended you not change the default.

Enable Magic SysRq Keys

The magic SysRq key is a keycombo that enables you to have some control over the system even when it has crashed. The complete documentation can be found at /usr/src/linux/Documentation/sysrq.txt (requires installation of the package kernel-source).