On Sun, 13 Jun 2004 23:26, igor@xxxxxxxxxxxx wrote: > Thanks for reply. > Now root can't access to the postgresql data files. > I'd tweaked selinux policy for that. > I just need to prevent executing 'su postgres' command by root. If you tweaked the policy such that sysadm_t can't access the files, and if the postgres user does not have a SE Linux identity then su to the postgres user will not grant access to the files. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page