Habr1d ago

Права в Linux: chown/chmod, SELinux context, символьная/восьмеричная нотация, DAC/MAC/RBAC/ABAC

Собрал в одном месте всё, что нужно знать о правах в Linux, простым и понятным языком: символьная и восьмеричная нотация, SUID/SGID/Sticky bit, SELinux-контекст, DAC, MAC, RBAC, ABAC, команды ls/stat/chmod/chown/find — с примерами и схемами, к которым легко вернуться.

https://habr.com/ru/articles/1027674/

#linux #chmod #chown #SELinux #права_доступа #DAC #MAC #RBAC #ACL #системное_администрирование

Права в Linux: chown/chmod, SELinux context, символьная/восьмеричная нотация, DAC/MAC/RBAC/ABAC

Помню когда тема о правах доступа в linux (chmod) была для меня незнакомой, я находил разные статьи, которые очень сильно раздражали пробелами в объяснениях, давали рваные фрагменты понимания ситуации...

Хабр
Paul MooreApr 15

Getting back to a more normal schedule, here is my highlight post for the LSM, SELinux, and audit changes that were recently merged into Linus' tree as part of the Linux v7.1 merge window.

https://paul-moore.com/blog/d/2026/04/linux_v71_merge_window.html

#lsm #selinux #audit

Paul Moore · Linux 7.1 Merge Window

Paul MooreApr 13

Linus released Linux v7.0 a few hours ago, and while I didn't have the time to do a merge window highlight post, I did capture all of the LSM, SELinux, and audit highlights for Linux v7.0 in the post below.

https://paul-moore.com/blog/d/2026/04/linux_v70.html

#lsm #selinux #audit

Paul Moore · Linux 7.0 Released

Scott McCartyApr 9

"Your Container Is Not a Sandbox" — an entire article on container security that never mentions SELinux. Not once. That's not an oversight, it's an agenda.

I'm not anti-microVM. But containers *do* contain. I run OpenClaw --read-only with SELinux enforcing. Add seccomp, dropped caps, user namespaces — defense in depth works.

https://emirb.github.io/blog/microvm-2026/

#containers #SELinux #microVMs #Linux #security

mxkApr 8

At which point does security infrastructure become complex enough to be a security risk by itself?
Read this function and tell me you understood it at first glance.
https://elixir.bootlin.com/linux/v6.19.11/source/security/selinux/ss/services.c#L265

#Linux #SELinux

Making sure you're not a bot!

Show threadgaryApr 6
@threatchain general purpose siem, malcolm ids, debian server, opnsense - good combo imo, good licensing,. I may just refactor and use 500gb drives so cost will not be the limiting factor, you can use debian blends too but even some of these specialized apps won't have included forensics-full and this has a ton of super usefull sw, when you have the persistence partition going corner case use cases can be covered better than say something like a bootable iso #rational clear case #mw #smw #yacy 3jenkins #ntop-ng #misp #cms #lamp server #sbom #addons #app armor #selinux #ufw #fail2ban #hardened debian #pentoo
ChristianMar 27

Selinux: Helped me in the past 30 years: 0 times. Annoyed me in that timeframe: INF. Times people tell me how awesome it is: also INF.

#linux #selinux

Show threadMichael T BabcockMar 25
@drscriptt so there I am on the phone with tech support for a database vendor and he explains that licensing isn't working because #SELinux is enabled, so I set it to permissive, log the errors, make an appropriate permissions list, compile and turn it back on.
He says "nobody in house has made it work with SELinux on" -- obviously none of them spent 15 minutes learning how to use the tools. Ugh. #rant
Show threadMichael T BabcockMar 25
@drscriptt @Madagascar_Sky @geerlingguy see also "just turn off #selinux" on every package.
Mx Rey 💜 🏳️‍⚧️Mar 19

as god is my witness, i have no idea what caused this, what a chr_file is, why there's a fprintd process, what chr_file 059 is, or what i should do about this

if windows threw this error i would scan for viruses and reboot

maybe i need to reboot

#SELinux #Fedora