Files and directories may be compromised by users who either do not understand permissions or who are accidently provided with more access than intended. There’s an old system administration saying: “If we didn’t have users, nothing would break, and the system would be more secure.” Of course, the response to this saying is, “Without users, we wouldn’t have a job!” Users’ mistakes often do provide unintended access to the data that is stored in files.
Context-based access can be configured to deal with compromised permissions by providing an additional level of security when processes are used to access files. The control of file and directory access is not in the hands of the user but rather is handled by the administer.
It isn’t just user files and directories that are a concern. Imagine a situation in which a remote hacker is able to utilize an exploit to gain control of your web server process (the httpd process). Without context-based controls, this hacker could direct the httpd process to read critical system files (such as the /etc/passwd file) and get information that could lead to further intrusions on the system or the network.
Traditional Linux permissions (read, write, and execute on files and directories) make use of discretionary access control (DAC), while context-based permissions utilize mandatory access control (MAC). However, when a context-based solution is enabled, DAC still applies (both MAC and DAC are enforced). Typically, the MAC controls are first evaluated and, if the access is granted, then the file’s permissions are checked.
This chapter covers two commonly used context-based methods: SELinux and AppArmor.