Linux is based on the idea that everyone using a system has their own username and password and belongs to one or more groups.

Every file or directory belongs to a user and a group, and has a set of given attributes (read, write and executable) for users, groups and all (everybody).

A file or folder can have permissions that only allows the user it belongs to to read and write to it, allowing the group it belongs to to read it and at the same time all other users can’t read or access the file whatsoever.

SELinux, developed by the US National Security Administration, further extends this capability by providing much more flexibility, control and security to the default Linux permissions schema by providing a set of Mandatory Access Controls.

SElinux is enabled and enforcing by default in Centos, Red Hat and Fedora systems for good reason and should be left in place for maximum security. Unfortunately, many people chose to disable this valuable feature simply due to lack of knowledge, falsely perceived “expediency”, fear and/or apathy. If you value your data, your systems integrity and the responsibly you have to your users, we recommend you leave it enabled and learn to work with it.

Last Modified: 14 Dec, 2011 at 08:09:44