म.हा.सा.ग.र wrote: > I saw this *ccs-tools* (also called Mandatory Access Control) and tried to > search deeper but could not understand much... > > can anybody tell more about this in non-techie's terms...
Sure. Classic Unix permissions is called discretionary access control (ie) based on users, who you are logged in determines which files you have access to. Mandatory access control is centralized administrated controlled policy. Conceptually you can think of it as a internal firewall between programs. In DAC, root user has supreme access to everything. In MAC, it can be much more fine grained. To demonstrate the power of this, this public system has been setup with root password given in the website itself. You still won't be able to do much because the SELinux policy in the system is very strictly confined http://www.coker.com.au/selinux/play.html Rahul -- ______________________________________________________________________ Pune GNU/Linux Users Group Mailing List: (plug-mail@plug.org.in) List Information: http://plug.org.in/cgi-bin/mailman/listinfo/plug-mail Send 'help' to [EMAIL PROTECTED] for mailing instructions.
