solarflow99 wrote:
> I was wondering if anyone uses ACLs? I can't understand why they are
> necessary since regular file permissions seem to do the same thing, plus
> there are other alternatives such as selinux. Is it safe to say that ACLs
> are not very popular?
ACLs are quite new in Linux. I think they use extended attributes.
Standard POSIX file permissions are not actually very useful: I can't
use them to give you access to my list of state secrets :-) There is only
one user associated with a file - the file's owner. There's only one
group associated with a file, commonly users.
If I read the ACL documentation aright, and my understanding from it is
consistent with other environments, I can create an ACL that says "user
solarflow99 can read this file."
selinux has me confounded, I don't know whether I want to spend the
trouble to comprehend it.
> Another question is why the chattr command even exists, since only 3 of its
> options even work with newer filesystems now, what use is setting the (i)
> attribute compared to chmod 400?
+i prevents root. I've used it sometimes to protect /etc/resolv.conf.
I regularly use +a on .bash_history to avoid lost history. Search
Debian's security guide.
+S might be useful for Xen filesystems in files, but I'd want to test
performance before using it.
I thought the man page says three do not work?
--
Cheers
John
-- spambait
1aaaaaaa@(protected)
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list
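
Added example, not part of the original post: a small Python model of the access check documented in acl(5), run over a constructed `getfacl` listing, showing how a named-user entry gives solarflow99 read access that the owner/group/other bits alone cannot express. The file name `secrets.txt`, the owner `john`, the group `users` and the `setfacl` invocation in the comment are assumptions; root's capability override is not modeled.

```python
# Constructed sample: what `getfacl secrets.txt` would print after
# `setfacl -m u:solarflow99:r secrets.txt` on a file with mode 0600.
SAMPLE_GETFACL = """\
# file: secrets.txt
# owner: john
# group: users
user::rw-
user:solarflow99:r--
group::---
mask::r--
other::---
"""

def parse_getfacl(text):
    """Return (owner, group, entries); entries are (tag, qualifier, perms)."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            # Drop any trailing "#effective:..." comment getfacl appends.
            tag, qualifier, perms = line.split("#")[0].split(":")[:3]
            entries.append((tag, qualifier, set(perms.strip()) - {"-"}))
    return owner, group, entries

def allowed(text, user, groups, want):
    """Evaluate the acl(5) access check for `user` (member of `groups`)."""
    owner, fgroup, entries = parse_getfacl(text)
    want = set(want)
    mask = next((p for t, q, p in entries if t == "mask"), None)
    masked = lambda p: p if mask is None else p & mask
    if user == owner:                       # 1. owner entry, mask not applied
        return want <= next(p for t, q, p in entries if t == "user" and q == "")
    for t, q, p in entries:                 # 2. named user entry, limited by mask
        if t == "user" and q == user:
            return want <= masked(p)
    matching = [p for t, q, p in entries    # 3. owning group and named groups
                if t == "group" and (q or fgroup) in groups]
    if matching:
        return any(want <= masked(p) for p in matching)
    return want <= next(p for t, q, p in entries if t == "other")  # 4. everyone else
```

The mask entry caps every named-user and group entry, so an audit of who can read a file has to look at the mask as well as the individual entries.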