On Fri, 11 Jun 2004 23:53, "Igor Borisovsky" <igor@xxxxxxxxxxxx> wrote: > root operates as server administrator. Now selinux policy configuration > forbids root access to the postgresql data files. > Postgresql database contains secure data. Therefore root must not be able > to access to this information. > Instead of there is database administrator. This person is authorized to do > all database related operations. > So I need to prevent executing 'su postgres' for root. The solution is that you use SE Linux to control which domains can access the files in question, and not use Unix permissions to do this. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
