SELinux best practices

Is there a "recommended" way to set up access for privileged admin tasks with sudo?
In Dominick Grift's blog article http://selinux-mac.blogspot.com/2009/06/selinux-lockdown-part-seven-su-newrole.html
the user assigned the webadm_r role gets sudo access with match "ALL",
so in this example you trust SELinux solely to protect the system from unauthorized access.
Is this the way you would normally do it on a production machine?
If you make the sudoers rules more specific for the actual commands the admin user needs to run,
you will gain some initial lock-down from sudo, but at the expense of the sudoers file
requiring significantly more maintenance.
Administrators generally like scripting to automate tasks, but by allowing a sub-admin to run a shell with uid=0
we are again left with only SELinux to prevent unauthorized access.
Is the general feeling that SELinux in, say, Fedora 12 is mature enough that we can trust it to protect
the system from unauthorized access if we allow sub-administrators to run scripts as uid=0?
I see that support for capabilities on files has finally found its way into Fedora 12. Is that something that is
being used to achieve some sort of middle ground between the two alternatives I listed above?

/Leif
 
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
