Agreed. The group who blesses systems in my environment recommended that
we look into the use of MAC to guarantee separation.
On Mon, Aug 25, 2014 at 10:33 AM, <m.roth(a)5-cent.us> wrote:
David Compton wrote:
> I am considering using SELinux to secure the file system of a server that
> will be used as a multiple category file store. The individual
> cannot have the ability to access data in a directory of a different
> category. Users for each category will need to access the server via
> and NFS. Additional user interfaces my become necessary in the future
> (http(s), (s)ftp, etc).
> I am new to writing SELinux policies and was hoping that someone could
> point me in the direction of a template for a similar design that I could
> use as a base.
I suppose, though regular *Nix groups would seem to work just as well,
along with the samba configuration.