On Fri, Mar 6, 2009 at 4:06 AM, Jim Wildman <jim at rossberry.com> wrote: > There are VERY definitive benefits to running SELinux. The best > description I've found is that it is like an iron cage on the inside of > a window. Even if something gets past the glass, its still inside a > window. I've had SELinux stop exploits against php scripts on > production servers. On my first Centos (5.0) box, that was what I thought. SELinux sounded like a fantastic idea. Until all it does is clog up the log and bog down the system, I had to kill/mangle setroubleshoot before the system became responsive again. Hence in the end, it did not seem to provide any practical benefits. >It is also a great training tool for teaching you > what "common practices" you've picked up are a bad idea (ie, cp'ing > stuff around as root). Darn! :D What would be the recommended practise for moving files own by a different user to another user if not via su and cp/mv? > That said, it does generate some very obtuse log messages (the > deciphering of which will teach you even more). Any difficult learning process naturally will teach more. However, when you're pressed for time to get something working and that is only a supplementary role (administrating the box) to your primary task, very often it's just easier and faster to make do with what works. Clients, unfortunately, very often do not appreciate invisible efforts/benefits. Kind of like feeling you were trying to rip them off for specing that "redundant" raid gizmo, until the drive actually crashes. :(