RE: Needs to prevent executing su.

>If you tweaked the policy such that sysadm_t can't access the files,
>and if the postgres user does not have a SE Linux identity then su to
>the postgres user will not grant access to the files.
Let me explain my problem in more detail.
What I did:
1. prevented root access to the postgresql data files located at
/var/lib/pgsql;
2. created custom pgsql_t type and pgsql_r role;
3. created selinux user postgres:
	user postgres roles pgsql_r;
4. all postgresql directories and files have proper types (e.g.
pgsql_home_dir_t, pgsql_home_t).
Therefore I have two persons: root and postgres. User root is the server
administrator, but he can't access the postgresql data files. And user
postgres is the database administrator. He will do all database related
operations (e.g. database backup). Hence postgres has access to the
postgresql data files. So for security reasons I need to prevent
transition from user root to user postgres.

