httpd newbie / access denied, no permission to ~userid
Tim
ignored_mailbox at yahoo.com.au
Thu Aug 18 13:27:39 UTC 2005
Tim:
>> But perhaps I should be more explicit: If, *I* set something as world
>> readable, apart from I feel that it ought to do precisely what I just
>> set it as, why cannot the system also be able to set the appropriate
>> SELinux restrictions at the same time?
Rahul Sundaram wrote:
> A good question. This goes back to the fundamental concept of SELinux.
> Its based on objects ( read it as processes for simplicity). The
> traditional form of Linux security is based on users. Users can set
> their files to world readable and it becomes "world readable". This can
> be a potential security issue.
In what way, though? A user can only modify their own files, or others
made available to them. An ordinary user can't make the passwords file
available to other people, though.
--
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
More information about the fedora-list
mailing list