> I come to the Land Of Unix from mainframes, where I used to earn my > crust. The mainframes had a tight security lockdown from out of the > box (or truck, as the case usually was of course :).
I kind of guessed as much. Yours is not an usual desire. > I'd be very interested to hear about any such options in the Linux > world. AFAIK, Linux ACL facilities are still experimental > (http://packages.debian.org/testing/admin/kernel-patch-acl.html) Most things in the realm of tighter access control are experimental, and tend to stay that way for a long time due, probably, to the lack of cohesion behind the various movements. But as I mentioned before, you'll probably want to examine subdomain from Wirex, SELinux, maybe LIDS, RSBAC, and doubtless there are others, but I'd start with those. -- Jamie Heilman http://audible.transient.net/~jamie/ "...thats the metaphorical equivalent of flopping your wedding tackle into a lion's mouth and flicking his lovespuds with a wet towel, pure insanity..." -Rimmer
