in reply to "safe" perl cron environment?

Part of the issue is that linux does not have, by default, mandatory access control facilities. This feature is used, e.g., in HR systems. In those environments root cannot access data in some files. In theory root could remove the disk and read the data on another system. The only way to avoid that is to encrypt the data. You might check this site for more information on encrypting files and file systems in Linux.

If you want to look at just access controls, check out SElinux. There are other linux ACL sites, but those implementations suffer from the shortcomings described above.

FYI, "How do I hide my code from everyone" is probably a FAQ. Try Super Search.

HTH, --traveler

Replies are listed 'Best First'.
Re: Re: "safe" perl cron environment?
by jhanna (Scribe) on Dec 02, 2002 at 18:53 UTC
    This is by far the most meaning reply to my question. Thanks, traveler.
[reply]
      Just so you know, NT/W2k has mandatory enforced ACL based security. And all of the things that I said earlier are _still_ true. I know because just recently I started looking into how to secure parts of a machine from the domain administrators. Simple answer: you can make it so they get noticed if they look, but you cant _stop_ them from looking if they really really want to. (Er well, at least if they also have the machine Admin account details too)

      *SIGH*

      --- demerphq
      my friends call me, usually because I'm late....

[reply]
        Absolutely. The only real solution is encryption. There are systems with mandatory access controls that are "difficult" (read "hopefully impossible") for the admin to bypass, but these are primarily used on military computers.

        --traveler

[reply]

In Section Seekers of Perl Wisdom