• PotatoesFall@discuss.tchncs.de
    link
    fedilink
    arrow-up
    0
    ·
    5 months ago

    I’m no expert on this but I’m pretty sure the /etc directory is writeable too for config files, which sadly still allows a user or malware to still bork the system if they get superuser privilege

    • fullstackhipster@awful.systems
      link
      fedilink
      arrow-up
      0
      ·
      5 months ago

      I find it hard to imagine a system that is not borkable by a superuser. Maybe it’s helpful to think of immutable setups as harder to bork by accident during routine maintenance (e.g. through faulty updates) and more resilient to bad code (through containerization).

      • PotatoesFall@discuss.tchncs.de
        link
        fedilink
        arrow-up
        0
        arrow-down
        1
        ·
        5 months ago

        good point, that’s fair. The reason I think it bears mentioning is that editing configs under /etc/ is totally something we might expect a user to do. So you could follow a tutorial online that is wrong or outdated and with enough bad luck, tada, you bricked your “immutable” system. Or, less dramatic and more likely, something doesn’t work as intended anymore and you don’t know how to restore to the original config from when you installed.