Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 1. Basic ugo/rwx Eunuchs(tm) permissions
- 1.2. This should be taken care of by
- 1.2.1. [cp --permissions ...]
- 1.2.2. OR [rsync -av ...]
- 1.2.3. OR [chown -R ...] (as in the OP)
- 2. ACLs
- 2.1. This should be handled by Selinux [semanage fcontext -a .../restorecon -R],
- 2.2. OR by Apparmor (as in the OP; I don't know the syntax)
- 3. Systemd configuration**
- 3.1. Systemd imposes default restrictions about what files service processes can access
- 3.2. This should be handled by [Service] directives
- 3.1.1. Under e.g. in file /etc/systemd/system/mariadb.service.d/something.conf
- 3.1.2. Such as ProtectHome=, ProtectSystem=, ReadWritePaths=
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement