On Fri, 11 Jun 2004 23:13, "Igor Borisovsky" <igor@xxxxxxxxxxxx> wrote: > How to prevent executing 'su postgres' command by root? If the identity "root" is only permitted the "user_r" role (as implemented on several SE Linux machines) then they will not be able to run the su command, or perform other administrative tasks (including access to postgres data files). If "root" operates in the traditional unix manner (IE having full control over the machine) then why try to restrict it from "su postgres" as it can already access all such files? -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
