Ron White wrote: > On Fri, 2010-04-30 at 03:39 -0400, W B Hacker wrote: >> Ron White wrote: >> *snip* >> >> This part should have a new thread of its own if it is to be pursued. >> >>> Moving on from that - today I turn my attention to Clamav and Exim and >>> in particular SELinux on the Cent5 box. The installation was really easy >>> but there are some issues with clam being able to access files in >>> the /scan directory. >>> >>> This is a subject I know nothing about, but want to resist the >>> temptation to do the defacto 'disable SELinux'. Luckily I have the >>> weekend ahead to study and see if I can work it out. Wish me luck! >>> >> Not sure if it fits YOUR need, but we create a special group for our 'postal >> workers' (Exim, ClamAV, SA, Dovecot, Prayer, et al), one OTHER THAN the >> mail:mailnull or other legacy defaults. >> >> Group rights on the fs, and matching EUID:EGID in the DB keep all those >> players >> *and no others* in the same ring-fence. >> >> >> JM2CW >> >> Bill >> >> > At the moment Bill that is mostly Chinese to me - I have some serious > reading to do. I'll save this message in my notecase and hopefully it > will be clear to me after I've had a look at 'the screwdrivers guide to > SELinux' :-) > > >
Last time *I* looked SELinux had been 'blessed' as a useful project and its (better) security features adopted back into the mainstream (and not just of Linux), after which I'm not sure it still justified a life of its own. But - AFAIK - user and group rights still follow the Unix model, so common group membership - with the appropriate mask - is an easy way to insure a .. well . guess one would call it a ...'group' ... of players can share their toys w/o fighting. More importantly - despite different 'owners' who may or may not also be members of the 'group' man chown man chmod etc... Bill -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
