Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Unix's 40th Birthday



On 2009-08-25 18:54 +0900 (Tue), Edward Middleton wrote:

> SELinux (like any other MAC[1] systems) can be complicated and
> requires tuning for the particular application.

Sure, but there are various ways to go with it. The one where you start
by running as the root user, and remove (you hope) permissions that the
application ought not have is fairly self-evidently more prone to error
than the one where your application never runs as root in the first place.

> The "AllowPasswords no" issue is pretty stupid, but it is in the
> OpenSSH configuration file (a part of the OpenSSH application) not PAM.

Sure, but if PAM weren't there in the first place, the problem wouldn't
exist. And from looking at how PAM works and is configured, it's fairly
obvious that it's ripe for configuration error.

cjs
-- 
Curt Sampson       <cjs@example.com>        +81 90 7737 2974
           Functional programming in all senses of the word:
                   http://www.starling-software.com


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links