solarflow99 wrote:
I was wondering if anyone uses ACLs? I can't understand why they are
necessary since regular file permissions seem to do the same thing,
plus there are other alternatives such as selinux. Is it safe to say
that ACL's are not very popular?
Another question is why the chattr command even exists, since only 3
of its options even work with newer filesystems now, what use is
setting the (i) attribute compared to chmod 400?
------------------------------------------------------------------------
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
chattr +i filename will prevent even root removing a file unless you
chattr -i it first.
useful if you've got your silly hat on and are doing an rm -fr on a
directory with files in it you really don't want to get rid of or spend
time restoring.
worth noting it works on ext3 but not via nfs.
In terms of SELinux its all about risk, you want top notch security and
can afford to spend the time configuring it and the data its applied on
it high risk? use SElinux, you just want simple servers serving low risk
files and if you get hacked then you wipe the box quickly and restore
the data (and patch the hole) then turn it off.
Also you may be within a company that requires certain standards of
security that SELinux meets that would otherwise prevent the use of linux.
loose explanation http://en.wikipedia.org/wiki/SELinux
--
Alasdair Gow
--
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender. Any
offers or quotation of service are subject to formal specification.
Errors and omissions excepted. Please note that any views or opinions
presented in this email are solely those of the author and do not
necessarily represent those of Lumison, nplusone or lightershade ltd.
Finally, the recipient should check this email and any attachments for the
presence of viruses. Lumison, nplusone and lightershade ltd accepts no
liability for any damage caused by any virus transmitted by this email.
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
