Enterprise Networking Planet: SELinux: Spook Tested, Admin Approved

“Linux’s basic security structure, which is based on Unix’s
least privilege model, works quite well. It’s simple to understand
and use; the basic idea is to never use more than the absolutely
required permissions to perform a task.

“Under this model, there are three levels of file ownership:
owner, group, world. And three levels of file permissions: read,
write, execute. Using ‘sticky’ bits allows permissions to be
inherited. Since everything in Linux and Unix is treated as a
file–data and system files, directories, and hardware
devices–it’s a simple, flexible system for controlling access.
This allows you, the ace sysadmin, to do neat things like grant
users the ability to execute a script, but not read or edit it. Or
to create shared directories that automatically set group ownership
and permissions on new files, or to run daemons as unprivileged
users. Human users run with minimal permissions to prevent them
from mucking with system files; or if their accounts are
compromised, limiting the damage to files owned by the user…”

Complete Story