Re: Any access control mechanism that allow exceptions?

From: Horst von Brand
Date: Sat Aug 06 2005 - 21:28:32 EST

Next message: James C. Georgas: "Re: Freeing a dynamic struct cdev"
Previous message: H. Peter Anvin: "Re: [PATCH 1/8] Move MSR accessors into the sub-arch layer"
In reply to: Henrik Kretzschmar: "Re: Any access control mechanism that allow exceptions?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Xin Zhao <uszhaoxin@xxxxxxxxx> wrote:
> I want to lock down a directory to be read-only, say, /etc, for system
> security.

If root can bypass that somehow, it is useless anyway.

> Unfortunately, some valid system tools might need to
> create/modified files like "/etc/dhclient-eth0.conf". To avoid
> disrupting the normal running of those tools, I might have to allow
> certain files to be created under /etc.

Use standard permissions, or make affected files inmutable.
--
Dr. Horst H. von Brand User #22616 counter.li.org
Departamento de Informatica Fono: +56 32 654431
Universidad Tecnica Federico Santa Maria +56 32 654239
Casilla 110-V, Valparaiso, Chile Fax: +56 32 797513
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: James C. Georgas: "Re: Freeing a dynamic struct cdev"
Previous message: H. Peter Anvin: "Re: [PATCH 1/8] Move MSR accessors into the sub-arch layer"
In reply to: Henrik Kretzschmar: "Re: Any access control mechanism that allow exceptions?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]