Mailinglist Archive: opensuse (817 mails)

< Previous Next >
Re: [opensuse] yast access restrictions
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2012-07-24 11:15, Rodney Baker wrote:
On Tue, 24 Jul 2012 18:35:24 Rodney Baker wrote:
On Tue, 24 Jul 2012 07:51:28 Carlos E. R. wrote:
On 2012-07-22 22:47, lynn wrote:

What about AppArmour? Can't that do it?

Nevermind - it appears not (I just had a look). But I'm pretty sure SELinux
has a
mechanism to do this. It's been a long time since I played with it, though.

ACL can do it, I think, but it requires someone designing a long list of what
binaries must
run for the desired action (say, configure nfs in yast), and what files you
must have read or
write access, then define a group that has all those permissions defined. And
you have to do
this for the hundred different actions you can permit or not. Once done, you
can assign users
to those action groups. Then you need months or years to test all this.


- --
Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 "Celadon" at Telcontar)


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlAOcfoACgkQIvFNjefEBxoWIACguHyOMBtZw5z4RhTbTBPjs2Sf
cqEAn0jyeqWTfU0ELOwA5+HH4J4iQg8T
=ER2b
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups