public inbox for linux-kernel@vger.kernel.org
From: Xin Zhao <uszhaoxin@gmail.com>
To: linux-kernel@vger.kernel.org
Subject: Any access control mechanism that allow exceptions?
Date: Sat, 6 Aug 2005 03:08:05 -0400
Message-ID: <4ae3c1405080600082ef440c8@mail.gmail.com>

Hi,

I want to lock down a directory to be read-only, say, /etc, for system
security. Unfortunately, some valid system tools might need to
create/modify files like "/etc/dhclient-eth0.conf".  To avoid
disrupting the normal running of those tools, I might have to allow
certain files to be created under /etc.

Is there any way that allows me to specify what files are allowed to
be created while locking down the whole directory most of the time?

I think of adding an exception list as extended attributes of the Ext3
filesystem, and changing the Ext3 filesystem to enforce the policy. But
this method looks awful.

Any elegant way to achieve this goal? 

Thanks

xin
