Any access control mechanism that allow exceptions?
From: Xin Zhao
Date: Sat Aug 06 2005 - 02:09:37 EST
Hi,
I want to lock down a directory to be read-only, say, /etc, for system
security. Unfortunately, some valid system tools might need to
create/modified files like "/etc/dhclient-eth0.conf". To avoid
disrupting the normal running of those tools, I might have to allow
certain files to be created under /etc.
Is there any way that allows me to specify what files are allowed to
be created while locking down the whole directory at most of the time?
I think of adding an exception list as extend attributes of Ext3
filesystem, and changes the Ext3 filesystem to enforce the policy. But
this method looks awful.
Any elegant way to achieve this goal?
Thanks
xin
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/