Needs to prevent executing su.
Russell Coker
russell at coker.com.au
Fri Jun 11 13:36:22 UTC 2004
On Fri, 11 Jun 2004 23:13, "Igor Borisovsky" <igor at datanaut.com> wrote:
> How to prevent executing 'su postgres' command by root?
If the identity "root" is only permitted the "user_r" role (as implemented on
several SE Linux machines) then they will not be able to run the su command,
or perform other administrative tasks (including access to postgres data
files).
If "root" operates in the traditional unix manner (IE having full control over
the machine) then why try to restrict it from "su postgres" as it can already
access all such files?
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
More information about the selinux
mailing list