Chapter 23. Protecting Against Intruders with Security-Enhanced Linux


On a system without Security-Enhanced Linux (SELinux) enabled, discretionary access control (DAC) is used for file security. Basic file permissions as discussed in Chapter 4, “Understanding Linux Concepts,” and optionally access control lists as described in Chapter 7, “Managing Storage,” are used to grant file access to users. Users and programs alike are allowed to grant insecure file permissions to others. For users, there is no way for an administrator to prevent a user from granting world-readable and world-writable ...

Get Red Hat® Enterprise Linux® 5 Administration Unleashed now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.