ACL

hike mh1272 at gmail.com
Mon Jul 28 14:47:59 UTC 2008


No, it is not wise.

It is unethical for sysadmins to access this data without a specific reason
and approval.
If you cannot trust your sysadmins to act in an ethical fashion, YOU have
screwed up big-time.

YOU hire trustworthy people.
YOU train trustworthy people.

Locking down SELinux does not stop unethical sysadmins.
It will just take a little longer to breach your ill-advised & INSULTING
security.
Once the unethical sysadmin that YOU hired breaks in, she will be (rightly)
pissed and really screw things up.

If you don't trust YOUR sysadmins, either quit (the preferred solution) or
fire the sysadmins.

Doesn't anybody think it is essential to hire TRUSTWORTHY people any more?
Doesn't ANY employer think it is essential to RESPECT their employees any
more?

These are two reasons that businesses in the U.S.A. suck big time!



On Mon, Jul 28, 2008 at 10:19 AM, Broekman, Maarten <
Maarten.Broekman at fmr.com> wrote:

> Yes.  It is wise.  If you have an application that writes sensitive
> data, you may not want your admins to have access to it as root, either
> for accounting reasons or otherwise.
>
> Maarten Broekman
> Email: maarten.broekman at fmr.com
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Laszlo BERES
> Sent: Monday, July 28, 2008 10:13 AM
> To: General Red Hat Linux discussion list
> Subject: Re: ACL
>
> Mark Haney wrote:
>
> > Are you saying you can deny root access to a file with SELinux? Is that
> > ever wise?
>
> Yes, it's possible. Wise or not, there are many scenarios when root
> shouldn't see stored data, but has to administer basic system services.
>
> --
> Laszlo BERES     RHCE, RHCX
> senior IT engineer, trainer
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>


