Re: /etc protection


From: Amon Ott <ao@rsbac.org>
Subject: Re: /etc protection
Date: Thu, 23 Aug 2001 09:11:31 +0200



On Thu, 23 Aug 2001 RedLeftHand wrote:
> What model is recommended for protecting /etc from write access by root, 
> while still allowing normal boot-up tasks; loading modules, hwclock access,
> /proc mounting? How, briefly, is that model implemented?

Unfortunately, /etc is a collection of files and dirs with very different
protection needs. Other ones are /lib and /usr/lib.

What I do is define an RC type 'config files' and set it for all files and
dirs that contain fixed configuration. Root is not allowed to modify them.

If a program has to change anything, e.g. for booting, you can define a role
that allows that, and use it as forced or initial role for the program.

For configuration, a special role can be defined and e.g. set for a certain
user or program (e.g. interactive editor).

Amon.
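
A toy model of the scheme described in the reply above, as an added example that is not part of the original post and is not RSBAC code or RSBAC configuration syntax. It shows a 'config files' type that the role root runs in cannot write, and a forced role on one boot-time program that can write one differently typed file under /etc. Every role, type, user, program and path name is constructed for illustration.

```python
# Toy model of a role/type write decision (added example; not RSBAC code).
# Every role, type, user, program and path below is constructed.
from dataclasses import dataclass, field


@dataclass
class Policy:
    file_type: dict = field(default_factory=dict)    # path prefix -> type
    role_rights: dict = field(default_factory=dict)  # role -> {type: rights}
    user_role: dict = field(default_factory=dict)    # user -> default role
    forced_role: dict = field(default_factory=dict)  # program -> forced role

    def type_of(self, path):
        # Longest matching prefix wins, so one file under /etc can carry a
        # different type than the directory around it.
        hits = [p for p in self.file_type
                if path == p or path.startswith(p.rstrip("/") + "/")]
        return self.file_type[max(hits, key=len)] if hits else "general"

    def effective_role(self, user, program):
        # A forced role on the program overrides the user's role, root included.
        return self.forced_role.get(program, self.user_role[user])

    def allowed(self, user, program, right, path):
        role = self.effective_role(user, program)
        rights = self.role_rights.get(role, {}).get(self.type_of(path), set())
        return right in rights


def build_policy():
    return Policy(
        file_type={"/etc": "config_files", "/lib": "config_files",
                   "/etc/adjtime": "clock_state"},
        role_rights={
            "general": {"general": {"read", "write"},
                        "config_files": {"read"}, "clock_state": {"read"}},
            "boot_clock": {"config_files": {"read"},
                           "clock_state": {"read", "write"}},
            "config_admin": {"config_files": {"read", "write"}},
        },
        user_role={"root": "general", "confadmin": "config_admin"},
        forced_role={"/sbin/hwclock": "boot_clock"},
    )


if __name__ == "__main__":
    p = build_policy()
    for prog, path in [("/bin/sh", "/etc/passwd"), ("/sbin/hwclock", "/etc/adjtime"),
                       ("/sbin/hwclock", "/etc/passwd")]:
        print(prog, path, p.allowed("root", prog, "write", path))
```

The decision never consults the user ID: root is denied or allowed only through the role its process runs in.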
