Interesting, although most security (DOD Types) I talk to never want anyone logging in as root. They want the users to use sudo so they can log everything the administrator does. One goal with confined admins is to eliminate the use of the root password. With SELinux we can define a confined admin like webadm_t which can only manage the httpd directories and processes. You would never give this admin the root password, since he could use that to break out of his confinement.

Handling untrusted software

One of my main security concerns with my Linux desktop is that I have to use (for some reasons) highly untrusted software like Skype. So the classic way to handle this is to run it as a different (unprivileged) user.

But from what I understand, what you showed us here is fantastic because I could say Skype can only access ~/.skype/, ~/Download/, the network through the HTTP port and basta!

So my question is: how do we do this on a Fedora 9 box for example?

Thanks ;-)

Howto - sudo in strict policy type

Hi Dan,

Can you please explain "How to set up sudo?" in case the policy type in use is STRICT. Say, for example, I'm interested in managing the http service thru the sudo command:

sudo service httpd start &
sudo service httpd stop

Thanks in advance.


