Needs to prevent executing su.
Russell Coker
russell at coker.com.au
Sat Jun 12 08:18:58 UTC 2004
On Fri, 11 Jun 2004 23:53, "Igor Borisovsky" <igor at datanaut.com> wrote:
> root operates as server administrator. Now selinux policy configuration
> forbids root access to the postgresql data files.
> Postgresql database contains secure data. Therefore root must not be able
> to access to this information.
> Instead of there is database administrator. This person is authorized to do
> all database related operations.
> So I need to prevent executing 'su postgres' for root.
The solution is that you use SE Linux to control which domains can access the
files in question, and not use Unix permissions to do this.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the fedora-selinux-list
mailing list