[CS-FSLUG] Permissions Structure
l4c at thelinuxlink.net
l4c at thelinuxlink.net
Sat Jan 10 10:57:19 CST 2009
On Sat, 10 Jan 2009, Ed Hurst wrote:
> Thanks; been there and done that. It may end up being the "final
> solution" on my imaginary future Linux distro.
>
> I've also looked at umask, and a few other items. I turned off SELinux
> on CentOS because it's still way over my head. The irony is, so far,
> SELinux may still be the shortest path to implement broader permissions
> on anything related to RHEL.
>
> I was hoping someone we more familiar with the policies of various
> distros so I could get a summary of what is different. For example,
> openSUSE allows me to read almost anything in /var/log, but CentOS
> has only a few open to my user ID.
>
> On a related matter, default file movement permissions are much more
> strict on removeable devices. The rsync tutorial a few months back
> doesn't work so well on CentOS. I used a SUSE box to create the backup
> on my ext3-fomatted flash drive -- user was able to run the command. On
> a Debian installation, I could run it again without trouble as a normal
> user. In CentOS, only root can perform that operation, because the user
> doesn't have permission.
>
> While those activities aren't likely for the common home user refugee
> from Redmond, it signals to me possibly complaints I might have if I
> ask one of them to try CentOS. If there is something I can do to
> simplify user access on CentOS, then I can "repackage" it and save the
> poor benighted souls. At least, it helps resolve one issue.
>
> --
> Ed Hurst
Well, I am RedHat certified and to tell you the truth, the first thing I
do with SELinux is turn it off. It drives me crazy, and it is so
complicated, that in large corporate instalations, the recommendation is
to have SELinux admins on hand to handle nothing but that (that is if they
use it).
As far as the other permissions, just take a good look around and take
stock of what you really want you user to be able to do. Many times it's
as simple as including your user into another group (or two), and that's
really simple to do.
--
-Linc Fessenden
In the Beginning there was nothing, which exploded - Yeah right...
More information about the Christiansource
mailing list