Re: ACL



Date: Mon, 28 Jul 2008 09:55:13 -0400
From: "Mark Haney" <mhaney@xxxxxxxxxxxxxxxx>

Laszlo BERES wrote:
Chris St. Pierre wrote:

No. Root is supreme. Root can do _everything_.

Except when you implement SELinux with strict or MLS policies. But I
think that's not an option in that case.

Are you saying you can deny root access to a file with SELinux? Is that
ever wise?

Yes, and only when you have "operators" and not sysadmins with root access. The answer to that, of course, is turning off selinux in /proc, then editing /etc/selinux/conf, and turning off selinux permanently.

mark *really* don't like selinux

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


