Needs to prevent executing su.

Igor Borisovsky igor at datanaut.com
Fri Jun 11 13:53:52 UTC 2004


root operates as the server administrator. Now the SELinux policy configuration
forbids root access to the PostgreSQL data files.
The PostgreSQL database contains secure data. Therefore root must not be able to
access this information.
Instead, there is a database administrator. This person is authorized to do
all database-related operations.
So I need to prevent root from executing 'su postgres'.

-----Original Message-----
From: Russell Coker [mailto:russell at coker.com.au] 
Sent: Friday, June 11, 2004 5:36 PM
To: fedora-selinux-list at redhat.com
Cc: Igor Borisovsky
Subject: Re: Needs to prevent executing su.

On Fri, 11 Jun 2004 23:13, "Igor Borisovsky" <igor at datanaut.com> wrote:
> How to prevent executing 'su postgres' command by root?

If the identity "root" is only permitted the "user_r" role (as implemented
on several SE Linux machines) then they will not be able to run the su
command, or perform other administrative tasks (including access to postgres
data files).

If "root" operates in the traditional Unix manner (i.e. having full control
over the machine) then why try to restrict it from "su postgres" as it can
already access all such files?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



