On 12/7/10 1:45 PM, Marko Vojinovic wrote:
And it isn't really rocket science. It's just an extension to the existing classical permissions system --- it works in analogous way, just with greater flexibility and power. If you know how to understand and use file permissions, you will easily grasp all about SELinux.
No, it doesn't have much in common with the standard uid/gid based permissioning system.
- disable SELinux and be ignorant about security.
If you choose 5), feel free to also disable iptables, log in as root all the time, and make sure that the root password is clearly visible on the company website. Why bother with all that stuff, anyway? ;-)
I think you've missed the point that 'all that stuff' (being traditional unix security mechanisms) are not all that insecure. It is only when you get them wrong that you need to fall back on selinux as a safety net. And if you can't get the simple version right, how can you hope to do it right with something wildly more complicated?