On Fri, 2009-12-11 at 18:17 -0800, John Andersen wrote:
On Friday 11 December 2009 01:24:07 am Basil Chupin wrote:
The only mantra I keep hearing is that only someone with root access can do anything to a Linux system - but a while back, in this forum, there was a statement which stated that permissions can be altered even if they were within the user's home directory -- but this is where the discussion stopped because noone wanted to carry on with this topic any further. Well maybe it had already become a long boring rant by then.
+1. Aw, heck, +5
However, this is what SELinux is all about, as best as I understand. With it you can even control the user's ability to install executables in their own directory which would be quite nice for things like corporate machines.
Or mount /home as "noexec" [which is normal for fileservers]. man mount
I've been meaning to take another look at SELinux, the last time I looked it was a bit of a major hack to get all the Access control lists established.
There is all App Armour. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org