[grsec] User domains and objects
spender at grsecurity.net
spender at grsecurity.net
Thu Dec 9 09:26:43 EST 2004
> /home rwc
> /home/* rwtcd
^ t = read-only ptrace
This is not needed if execute permission isn't granted as well.
The only way to handle this is to use regular DAC permissions to keep
user Y from accessing the files of user X. Domains are for users having
different GIDs to be grouped together in one policy. If you want the
individual users to have different policies, use the regular user roles
instead.
-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20041209/61e2c7d8/attachment.pgp
More information about the grsecurity
mailing list