08-25-2008
It seems to me like the first option would be a lot easier to maintain over time. I can't really comment on the security point of view because it depends on the sensitivity of your data and the security of the network the system is on. There should be security built-in to the database access anyway, so hopefully anything you are donig here is going above and beyond the call of duty anyway?
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi Gurus,
Tried searching for something similiar in this forum but not really what i want.
This is my case:
I have about 20 users running on sun workstation. We have done a upgrade recently and right now it seems that the users can access to terminal and console which they are not suppose... (12 Replies)
Discussion started by: lweegp
12 Replies
2. UNIX for Advanced & Expert Users
Hi
I have requirement to create 3 new users on my server but to restrict their access to a set of particular folders.
/export/home/kapil/shared,
/export/home/kapil/shared/Folder1
/export/home/kapil/shared/Folder2
These folders should be accessible to all the 3 users and to me too.... (1 Reply)
Discussion started by: kapilk
1 Replies
3. Red Hat
Hi,
I had installed vsftp in rhel5 and i want to restrict all the local users from accessing the ftp.
i want to allow specific users to access the ftp server.
Request you to please help.
Thanks & regards
Arun (1 Reply)
Discussion started by: Arun.Kakarla
1 Replies
4. Solaris
Hi All,
How to restrict the NIS users not to change their passwords in for NIS users??
and my NIS user is unable to login to at client location what could be the problem for this ?
Any body can help me. Thanks in advance. (1 Reply)
Discussion started by: Sharath Kumar
1 Replies
5. UNIX for Dummies Questions & Answers
Hi All,
How can we restrict a particular user access to a particular shell in solaris 10.
Thanks in Advance. (5 Replies)
Discussion started by: rama krishna
5 Replies
6. Red Hat
Hi there
I have an application user on my system that wants accesses to these file systems as such:
rwx:
/SAPO
/SAPS12
/R3_888
/R3_888B
/R3_888F
/R3_888R
r:
/usr/sap
these are the existing FS permissions:ownerships:
# ls -ld /SAPO (9 Replies)
Discussion started by: hedkandi
9 Replies
7. Ubuntu
Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
Hi Folks,
Please help me. I am bit struck here.
Here is the OS info.
Linux ubuntu 3.0.0-12-generic #20-Ubuntu SMP Fri Oct 7 14:56:25 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
I have a... (17 Replies)
Discussion started by: explorer007
17 Replies
8. Solaris
I'm using Solaris 10. I want to restrict users from executing this dangerous command.
rm -rf *
But they should be able to perform the below actions:
rm -rf *.*
rm -rf filename
rm -rf directory
Is it possible? If yes then pls let me know how to do it? (7 Replies)
Discussion started by: Arun_Linux
7 Replies
9. UNIX for Dummies Questions & Answers
I'm trying to use squid to restrict elinks' access to certain websites(only http traffic).
I have tried some configs in squid.conf but no luck. Hope someone has a bit of time to explain me how can you make these config's :)
---------- Post updated at 05:40 PM ---------- Previous update was at... (1 Reply)
Discussion started by: Birnbacher
1 Replies
10. Solaris
Dear friends,
:)
I create new user
useradd -g other -d /export/home/sltftp -m -s /bin/bash -c "SLT user account for TMA ftp backup" sltftp
now i need do restrict thees
chmod
delete
overwrite
rename
from this user:(for all the files in the server ,sltftp user can only able to download... (4 Replies)
Discussion started by: darakas
4 Replies
SECON(1) NSA SECON(1)
NAME
secon - See an SELinux context, from a file, program or user input.
SYNOPSIS
secon [-hVurtscmPRfLp] [CONTEXT]
[--file] FILE
[--link] FILE
[--pid] PID
DESCRIPTION
See a part of a context. The context is taken from a file, pid, user input or the context in which secon is originally executed.
-V, --version
shows the current version of secon
-h, --help
shows the usage information for secon
-P, --prompt
outputs data in a format suitable for a prompt
-C, --color
outputs data with the associated ANSI color codes (requires -P)
-u, --user
show the user of the security context
-r, --role
show the role of the security context
-t, --type
show the type of the security context
-s, --sensitivity
show the sensitivity level of the security context
-c, --clearance
show the clearance level of the security context
-m, --mls-range
show the sensitivity level and clearance, as a range, of the security context
-R, --raw
outputs the sensitivity level and clearance in an untranslated format.
-f, --file
gets the context from the specified file FILE
-L, --link
gets the context from the specified file FILE (doesn't follow symlinks)
-p, --pid
gets the context from the specified process PID
--pid-exec
gets the exec context from the specified process PID
--pid-fs
gets the fscreate context from the specified process PID
--current, --self
gets the context from the current process
--current-exec, --self-exec
gets the exec context from the current process
--current-fs, --self-fs
gets the fscreate context from the current process
--parent
gets the context from the parent of the current process
--parent-exec
gets the exec context from the parent of the current process
--parent-fs
gets the fscreate context from the parent of the current process
Additional argument CONTEXT may be provided and will be used if no options have been specified to make secon get its context from another
source. If that argument is - then the context will be read from stdin.
If there is no argument, secon will try reading a context from stdin, if that is not a tty, otherwise secon will act as though --self had
been passed.
If none of --user, --role, --type, --level or --mls-range is passed. Then all of them will be output.
SEE ALSO
chcon (1)
AUTHORS
James Antill (james.antill@redhat.com)
Security Enhanced Linux April 2006 SECON(1)