[CLUE-Tech] Sys Admin security and user directory security
Timothy C. Klein
teece at silverklein.net
Mon Dec 17 21:32:43 MST 2001
Kevin,
Hmm, this sounds like something of an intractable problem for the
average *nix system. The sysadmin will need root, and root can read
anything on the hard drive. Don't know any simple way around that.
With some *very* crafty use of groups, the admin could be given all the
privileges needed to update the system, without being root, *maybe*.
Perhaps some kind of ACL (access control list) stuff would be the best,
as provided by SELinux from the NSA or Trustix or something? I have
never tried it either, but I bet it can be done with those type of
distros more naturally.
Tim
* Kevin Cullis (kevincu at orci.com) wrote:
> OK folks,
>
> I've got a question that I have not been able to answer: How can you
> provide system security and directory security at the same time with
> different people? For example, I'd like to let the sysadmin handle all
> of the upgrades, updates, etc for the computer security but NOT allow
> the sysadmin to view the financials in /home/kevin directory. I'm
> assuming this is possible, but how does one go about it?
--
==============================================
== Timothy Klein || teece at silverklein.net ==
== ---------------------------------------- ==
== "Hello, World" 17 Errors, 31 Warnings... ==
==============================================
More information about the clue-tech
mailing list