Prenova spletnega mesta Slo-Tech

Sej ne piše, da root nima DOSTOPA do vsega, piše le, da NIMA PRAVICE za pisanje po disku. Meni se to sliši precej različno Je pa dobra varjanta. Ampak če nič nima pravic za pisanje po disku, kaj pa piše po disku?

Ni nujno, da ima root dostop do vsega. Recimo: Hardened Debian, NSA's SE Linux, oziroma išči pod "mandatory access controls".

SELinux is Linux security suite relying on the Linux Security Modules framework which includes Mandatory Access Control and Role-Based Access Control (with Type Enforcement (r) ), in detriment of the old Discretionary Access Control used by standard *nix systems (Linux as well), and bringing advanced & complex permissions and access control over files, sockets, devices... In short, with SELinux you can define explicit rules about what subjects ( users, programs ) can access which objects ( files, sockets, devices ) and in what conditions depending on fine-grained settings (macros, types, roles...) provided within a compiled, binary policy file with a complex and flexible configuration language.

It gives you the ability to separate programs and thereby ensuring a high level of security within the operating system by selecting what information can explicitly be accessed and the conditions it could do so, in other words, it will control programs and users so they could access, manipulate and use the information they need explicitly to work, and not anymore until you explicitly set it.

BTW: zadeva obstaja tudi za Ubuntuja... če ravno koga zanima.

In YOUR opinion, da.