However, with SELinux, we can define what a user or process can do. bob can grant (and restrict) access to this file to other users and groups or change the owner of the file. We can see an output like the following: total 4 The “other” entity will possibly have no access to it.įor checking the contents inside bob’s home directory we can use the following command: # ls -l /home/bob/ If a user bob creates a file in their home directory, that user will have read/write access to it, and so will the bob group. These entities can have a combination of Read, Write, and Execute (r,w,x) permissions on a file or directory. In a traditional security model, we have three entities: User, Group, and Other (u,g,o). To understand DAC, let us first consider how traditional Linux file security works. This is implemented on top of what is already present in every Linux distribution, the Discretionary Access Control (DAC). SELinux implements Mandatory Access Control (MAC). Today let’s how our Support Techs do this for our customers.īefore going into the steps for setting up, we will see reasons to setup this on CentOS. Here at Bobcares, we handle requests from our customers to set up SElinux on CentOS 7 as a part of our Server Management Services. If we properly configure SELinux it can greatly reduce security risks, and help us to troubleshoot access-related error messages. Security Enhanced Linux or SELinux is a Linux kernel security module that brings heightened security for Linux systems. Wondering how to set up SELinux on CentOS 7? We can help you.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |