On Mon, Jul 27, 2009 at 10:57 PM, Cyril Chacko <cyril.chacko@gmail.com> wrote:
Hi All,
Today a friend of mine showed me a security feature in Windows XP, which to my knowledge is not available under Linux. (Please tell me I am wrong.)
So here goes, he showed me a security feature in Windows XP wherein the user can set up custom access to their own files and restrict access to others, including Administrators.
Is there a way to do so in GNU/Linux systems (for root)? As I am not aware of any means, I was not able to give him any answers. This feature came to light when we were discussing our Company's adoption of ISO-27001. He has also claimed that this is also the reason why Linux adoption in Enterprises is very low.
Read SELinux. Way back in 1997 when SELinux was not available, I used to use a software called SEOS (Security for Open Systems) for securing servers in Citibank. We had an id called secadm which was held by a security officer. The id secadm had rights to define who can access what. Even the root id could be prevented from accessing confidential data. These rights used to be maintained in a database called the Policy Model Database. The way SEOS worked was it trapped all system calls before they reached the kernel. SEOS was developed by the Israeli army and the software was subsequently bought by CA and sold as Etrust.
SELinux uses the same kind of concept which SEOS, ETrust uses.