On Fri, Mar 6, 2009 at 4:06 AM, Jim Wildman <jim@xxxxxxxxxxxxx> wrote:
> There are VERY definitive benefits to running SELinux. The best
> description I've found is that it is like an iron cage on the inside of
> a window. Even if something gets past the glass, its still inside a
> window. I've had SELinux stop exploits against php scripts on
> production servers.
On my first Centos (5.0) box, that was what I thought. SELinux sounded
like a fantastic idea. Until all it does is clog up the log and bog
down the system, I had to kill/mangle setroubleshoot before the system
became responsive again. Hence in the end, it did not seem to provide
any practical benefits.
>It is also a great training tool for teaching you
> what "common practices" you've picked up are a bad idea (ie, cp'ing
> stuff around as root).
Darn! :D
What would be the recommended practise for moving files own by a
different user to another user if not via su and cp/mv?
> That said, it does generate some very obtuse log messages (the
> deciphering of which will teach you even more).
Any difficult learning process naturally will teach more. However,
when you're pressed for time to get something working and that is only
a supplementary role (administrating the box) to your primary task,
very often it's just easier and faster to make do with what works.
Clients, unfortunately, very often do not appreciate invisible
efforts/benefits. Kind of like feeling you were trying to rip them off
for specing that "redundant" raid gizmo, until the drive actually
crashes. :(
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
