On Fri, 4 Jun 2004 01:43, "Igor Borisovsky" igor@datanaut.com wrote:
Hi. I have a question about selinux policy configuration for FC2. I need to forbid access to the postgresql data files from user root.
[...]
I guess I need to find and revoke this permission from sysadm_r role. After looking at the policy.conf file I can't understand this. So how can I prevent access to postgresql data files from user root?
The sysadm_t domain (the default domain for the sysadm_r role) has access to almost everything on the system. sysadm_t can run fdisk, useradd, vipw, etc.
You can't realistically deny sysadm_t access to any resource without significant changes to the entire policy (such things have been discussed but are a long way from being implemented).
You can deny the root user sysadm_r role to deny them such access (but make sure you grant another user sysadm_r so that you can still administer your system).
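Added example, not part of the thread: a POSIX sh script that applies the reply's advice to a copy of the old-style SELinux policy `users` declarations (FC2 kept the policy sources under /etc/security/selinux/src/policy; the `user NAME roles { ... };` syntax is assumed from the example policy of that period). It revokes sysadm_r from root only after confirming another account holds it, and it works on a constructed sample rather than the live file.

```shell
#!/bin/sh
# Added example (not from the thread). Edits old-style SELinux "users" declarations;
# the "user NAME roles { ... };" syntax and the FC2 source path are assumptions.
set -e
# Constructed sample of the declarations the thread is about.
USERS_SAMPLE='user system_u roles system_r;
user user_u roles { user_r };
user root roles { staff_r sysadm_r };
user alice roles { staff_r };'
# Print the roles declared for user $2 in text $1 (empty if undeclared).
roles_of() {
    printf '%s\n' "$1" | awk -v u="$2" '$1 == "user" && $2 == u {
        sub(/^user [^ ]+ roles *[{]? */, ""); sub(/ *[}]? *;.*$/, ""); print }'
}
# Succeed if user $2 holds role $3.
has_role() {
    for r in $(roles_of "$1" "$2"); do [ "$r" = "$3" ] && return 0; done
    return 1
}
# Rewrite (or append) the declaration of user $2 with role list $3.
set_roles() {
    printf '%s\n' "$1" | awk -v u="$2" -v rs="$3" '
        $1 == "user" && $2 == u { print "user " u " roles { " rs " };"; seen = 1; next }
        { print }
        END { if (!seen) print "user " u " roles { " rs " };" }'
}
revoke_role() {   # $1 text, $2 user, $3 role to drop
    new=$(for r in $(roles_of "$1" "$2"); do [ "$r" = "$3" ] || printf '%s ' "$r"; done)
    set_roles "$1" "$2" "${new% }"
}
grant_role() {    # $1 text, $2 user, $3 role to add (no-op if already held)
    if has_role "$1" "$2" "$3"; then printf '%s\n' "$1"; return 0; fi
    set_roles "$1" "$2" "$(roles_of "$1" "$2") $3"
}
# The reply's advice: take sysadm_r away from root only once another account ($2)
# is confirmed to hold it, so the box stays administrable. Prints the new
# declarations; fails without printing if that check does not hold.
restrict_root() {
    text=$(grant_role "$1" "$2" sysadm_r)
    text=$(revoke_role "$text" root sysadm_r)
    has_role "$text" "$2" sysadm_r || return 1
    printf '%s\n' "$text"
}
restrict_root "$USERS_SAMPLE" alice
```

In that policy layout the edited declarations only take effect after the policy is rebuilt and loaded from the source tree (typically `make load` there), and root still needs a valid default role such as staff_r.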