games user and group
Michael H. Warfield
mhw at WittsEnd.com
Wed Mar 1 18:53:40 UTC 2006
On Wed, 2006-03-01 at 09:20 -0800, Michael Thomas wrote:
> Rudolf Kastl wrote:
> > id personally suggest to treat gamedaemons like other daemons and
> > create seperate system users for the game server processes.
> > A server is a server. Functionality differs but is rather irrelevant
> > in my eyes regarding the system users for the services.
> I won't argue that it would be more secure, but couldn't security also
> be accomplished with an appropriate set of selinux policies?
Only if you have selinux enabled.
Make it (more) secure FIRST. Then add additional security from
selinux. What you don't want is someone ending up insecure just because
they have selinux turned off. That's a wrong answer. That's then
depending on selinux for your security rather than using selinux to
enhance your security. Too many eggs in one basket.
> --Mike
> --
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 309 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20060301/30cec007/attachment.sig>
More information about the fedora-devel-list
mailing list