Naming convention flames
Rui Miguel Seabra
rms at 1407.org
Fri Apr 2 15:09:34 UTC 2004
On Fri, 2004-04-02 at 07:40 -0500, murphy pope wrote:
> >Many users in /etc/passwd can be mapped to a single SELinux user for
> access control purposes (e.g. system_u).
>
> Sounds like /etc/group to me.
Ok, let's say you have users john, jane, doe, and poe
then you have groups like:
staff:x:n:john,jane,doe
and file xpto:
-rw-rw-r-- 1 john staff 3399 Mar 9 00:40 xpto
How do you forbid doe from writing on xpto?
That's an example of what SELinux brings you, in terms of permissions.
You can explictly say xpto can't be written by doe.
Rui
--
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?
Please AVOID sending me WORD, EXCEL or POWERPOINT attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20040402/4cf0d08a/attachment.sig>
More information about the fedora-selinux-list
mailing list