Tim: >> But perhaps I should be more explicit: If, *I* set something as world >> readable, apart from I feel that it ought to do precisely what I just >> set it as, why cannot the system also be able to set the appropriate >> SELinux restrictions at the same time? Rahul Sundaram wrote: > A good question. This goes back to the fundamental concept of SELinux. > Its based on objects ( read it as processes for simplicity). The > traditional form of Linux security is based on users. Users can set > their files to world readable and it becomes "world readable". This can > be a potential security issue. In what way, though? A user can only modify their own files, or others made available to them. An ordinary user can't make the passwords file available to other people, though. -- Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists.
