Re: can touch(1) readonly files
From: Russell Coker
Subject: Re: can touch(1) readonly files
Date: Tue, 13 May 2003 23:10:26 +1000
User-agent: KMail/1.5.1

On Tue, 13 May 2003 21:53, Bernd Eckenfels wrote:
> On Tue, May 13, 2003 at 04:59:24PM +0800, Dan Jacobson wrote:
> > But how can I protect _myself_ from _myself_?
>
> Protection from yourself, especially if you are root, are extended Unix
> features (like for example immutable and append only files, RBAC or
> SELinux).
>
> And it is still not a core-utils bug but a property of the Linux kernel.

Bernd is correct. It's a kernel issue.

SE Linux allows you to determine who has setattr permission for each file.
Writing to a file or appending to it will still change the time stamps in the
usual fashion, but write and append access can be controlled independently of
read access too.

SE Linux allows control over what your processes do. Running a particular
program can automatically transition to a different domain with different
levels of access to various resources.

--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
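
The kernel behaviour discussed in this thread, as an added example that is not part of the original message: on a mode-0444 file the owner is refused an append but can still update the timestamps with touch(1). It assumes Linux with GNU coreutils (`touch -d`, `stat -c`); the file name and the old timestamp are constructed.

```shell
#!/bin/sh
# Added illustration, not from the mailing-list post.
# Assumes GNU coreutils on Linux; the file name and old timestamp are constructed.

# Prints "append=<allowed|denied> touch=<allowed|denied>" for a
# mode-0444 file owned by the calling user.
probe_readonly_file() {
    dir=$(mktemp -d) || return 2
    f="$dir/readonly.txt"
    echo "original contents" > "$f"
    touch -d '2000-01-01 00:00:00 UTC' "$f"   # give the file a known old mtime
    chmod 0444 "$f"                           # remove every write bit
    before=$(stat -c %Y "$f")

    # Setting the timestamps to "now" requires write permission OR ownership,
    # so the owner succeeds although the file is read-only.
    touch "$f" 2>/dev/null
    after=$(stat -c %Y "$f")
    if [ "$after" -gt "$before" ]; then touch_result=allowed; else touch_result=denied; fi

    # Changing the contents requires the write bit. Root bypasses this check
    # through CAP_DAC_OVERRIDE, so root will see "append=allowed".
    if (echo "more" >> "$f") 2>/dev/null; then append_result=allowed; else append_result=denied; fi

    rm -rf "$dir"
    echo "append=$append_result touch=$touch_result"
}

probe_readonly_file
```

Run as an ordinary user, this prints `append=denied touch=allowed`: the timestamp change is governed by ownership rather than by the write bit, which is the gap a separate setattr permission closes.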