From: Henrik Kretzschmar <trash4henni@gmail.com>
To: Xin Zhao <uszhaoxin@gmail.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Any access control mechanism that allow exceptions?
Date: Sat, 06 Aug 2005 12:25:59 +0200
Message-ID: <42F49037.9030206@gmail.com>
In-Reply-To: <4ae3c1405080600082ef440c8@mail.gmail.com>

Xin Zhao wrote:
> Hi,
> 
> I want to lock down a directory to be read-only, say, /etc, for system
> security. Unfortunately, some valid system tools might need to
> create/modify files like "/etc/dhclient-eth0.conf".  To avoid
> disrupting the normal running of those tools, I might have to allow
> certain files to be created under /etc.
> 
> Is there any way that allows me to specify what files are allowed to
> be created while locking down the whole directory most of the time?
> 
> I think of adding an exception list as extended attributes of Ext3
> filesystem, and changing the Ext3 filesystem to enforce the policy. But
> this method looks awful.
> 
> Any elegant way to achieve this goal? 
> 
> Thanks
> 
> xin

What about symbolic links to a writable directory?

Henni
