Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
CentOS System Administration Essentials

You're reading from   CentOS System Administration Essentials Become an efficient CentOS administrator by acquiring real-world knowledge of system setup and configuration

Arrow left icon
Product type Paperback
Published in Nov 2014
Publisher Packt
ISBN-13 9781783985920
Length 174 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Andrew Mallett Andrew Mallett
Author Profile Icon Andrew Mallett
Andrew Mallett
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Taming vi 2. Cold Starts FREE CHAPTER 3. CentOS Filesystems – A Deeper Look 4. YUM – Software Never Looked So Good 5. Herding Cats – Taking Control of Processes 6. Users – Do We Really Want Them? 7. LDAP – A Better Type of User 8. Nginx – Deploying a Performance-centric Web Server 9. Puppet – Now You Are the Puppet Master 10. Security Central 11. Graduation Day Index

SELinux


I am not really sure if I can quantify how many blogs I read on the Internet where "the solution" to an issue is to disable SELinux, or at least set it into permissive mode. While I do not disagree that the immediate problem may then be resolved, it is a little like setting the filesystem permissions to rwx for all users authenticated or otherwise. Similarly, we all joke about users sticking post-it notes with password to the screen; there is little difference in this to an administrator disabling SELinux inappropriately.

There are reasons that the mandatory access control (MAC) list exists, and we as administrators should use it to our advantage. Traditionally, we are accustomed to using discretionary access control (DAC) lists and these can be set by users as well as root. The MAC is said to be mandatory, as it can only be applied and revoked by root.

First the DAC list is applied, and then the MAC list. SELinux never gives additional rights that were not there in the first place...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image