Michael H. Warfield wrote:
> On Wed, 2006-03-01 at 09:20 -0800, Michael Thomas wrote:
>
>>Rudolf Kastl wrote:
>>
>>>I'd personally suggest to treat gamedaemons like other daemons and
>>>create separate system users for the game server processes.
>>>A server is a server. Functionality differs but is rather irrelevant
>>>in my eyes regarding the system users for the services.
>
>
>>I won't argue that it would be more secure, but couldn't security also
>>be accomplished with an appropriate set of selinux policies?
>
>
> Only if you have selinux enabled.
>
> Make it (more) secure FIRST. Then add additional security from
> selinux. What you don't want is someone ending up insecure just because
> they have selinux turned off. That's a wrong answer. That's then
> depending on selinux for your security rather than using selinux to
> enhance your security. Too many eggs in one basket.

Right. It seems the consensus is to use different users, and selinux, if used, would be layered on top of that.

So what is the use of the 'games' user on the system if it isn't used for game servers? I can't see how setuid games would be acceptable for similar reasons. Or is this user legacy cruft that should just be ignored?

--Mike
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list