On Sun, 24 Oct 2004 19:24, Jan Lühr [EMAIL PROTECTED] wrote:
Yes, and that is one of the core points in my suggestion that you look
at SELinux or a similar mandatory access control based security module.
SELinux is overkill in some ways. A system administrator, not being able to
handle ACLs
On Thu, Oct 28, 2004 at 01:09:18AM +1000, Russell Coker wrote:
The problems which started this discussion are all already solved with the
default SE Linux policy.
Not the one about easy for naive administrator to manage. That would
presumably include the naive administrator being able to add a
On Tue, Oct 26, 2004 at 10:33:20AM +0100, Duncan Simpson wrote:
I think groups might be enough here. Just remember group access does not
have to be more than other access. I could create a group called nobin and
do something like
# chgrp nobin /bin
# chmod 705 /bin
# chgrp nobin /usr/sbin/some_daemon
Greetings,...
On Saturday, 23 October 2004 00:36, Michael Stone wrote:
On Fri, Oct 22, 2004 at 11:13:55PM +0200, Jan Lühr wrote:
Of course, providing security on that level is not the best way to ensure
the system's integrity and safety.
But why do you think, that security on filesystem
Greetings,...
On Saturday, 23 October 2004 05:58, Daniel Pittman wrote:
On 23 Oct 2004, Jan Lühr wrote:
On Friday, 22 October 2004 14:02, Daniel Pittman wrote:
On 22 Oct 2004, Jan Lühr wrote:
Yes, and that is one of the core points in my suggestion that you look
at SELinux or a similar
On Sun, Oct 24, 2004 at 10:54:28AM +0200, Jan Lühr wrote:
What do you expect here? Of course there is a traditional unix approach (groups
- ugly one I admit - and a more clean approach using posix acls)
I expect that the person going off on this (you) show *exactly* what
implementation will give
On 22 Oct 2004, Jan Lühr wrote:
because of the recent xpdf issues I tested the access restrictions of some
users like lp, mail, etc. with default settings in sarge. I noticed that, by
default, no acl were used to prevent access to vital system commands, the
user shouldn't have. For instance:
Greetings,
On Friday, 22 October 2004 14:02, Daniel Pittman wrote:
On 22 Oct 2004, Jan Lühr wrote:
because of the recent xpdf issues I tested the access restrictions of
some users like lp, mail, etc. with default settings in sarge. I noticed
that, by default, no acl were used to prevent
On Fri, Oct 22, 2004 at 11:13:55PM +0200, Jan Lühr wrote:
Of course, providing security on that level is not the best way to ensure the
system's integrity and safety.
But why do you think, that security on filesystem level is doomed to failure
if it's part of a security concept?
Because you
On 23 Oct 2004, Jan Lühr wrote:
On Friday, 22 October 2004 14:02, Daniel Pittman wrote:
On 22 Oct 2004, Jan Lühr wrote:
because of the recent xpdf issues I tested the access restrictions of
some users like lp, mail, etc. with default settings in sarge. I noticed
that, by default, no acl were
10 matches