[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Usercreation-policy

From: Enrico Scholz <enrico scholz informatik tu-chemnitz de>
To: fedora-devel-list redhat com
Subject: Re: Usercreation-policy
Date: Wed, 24 Sep 2003 22:06:12 +0200

johnsonm redhat com ("Michael K. Johnson") writes:

>> > I think too, that most daemons need both a dedicated user and a
>> > dedicated group.
> ...
> Actually, I'd like to point forward to SELinux for a possible solution.
> With SELinux, you can generally separate them effectively without having
> different users/groups.

IMO, this is not a very good solution since:

* people without SELinux kernels will get a very unsecure system, since
  their system would have lots of daemons which are running with the
  same uid
* within a SELinux context, you can need several helper-daemons
  (e.g. identd, or a monitoring-daemon) which would run with the
  same uid like the main-daemon and could access this daemon itself
  (kill(2), ptrace(2)) or its files.

Enrico

Follow-Ups:
- Re: Usercreation-policy
  - From: Nils Philippsen
- Re: Usercreation-policy
  - From: Stephen Smalley

References:
- Usercreation-policy
  - From: Enrico Scholz
- Re: Usercreation-policy
  - From: Bill Nottingham
- Re: Usercreation-policy
  - From: Enrico Scholz
- Re: Usercreation-policy
  - From: Bill Nottingham
- Re: Usercreation-policy
  - From: Enrico Scholz
- Re: Usercreation-policy
  - From: Bill Nottingham
- Re: Usercreation-policy
  - From: Michael K. Johnson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]