[rsbac] 2 questions

Amon Ott rsbac@rsbac.org
Mon Apr 8 09:56:01 2002

Previous message: [rsbac] 2 questions
Next message: [rsbac] Protecting secoff from malicious root
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Monday, 8. April 2002 05:16, Metrix wrote:
> first of all, why does sshd still work, without any
> rsbac configuration, yet it is running as root?

You can still login as root, because sshd does not setuid to another id. In 
1.2.0, even a setuid to the same id gets checked - if the program does the 
call in that case.

> second, mucking around with settings, i mucked up
> httpd, what are the recommended settings fo apache?

That's a bit more complicated. apache needs to read_open, execute/map_exec 
and close libraries, read access to web data and append/write access to its 
logging dir. Choose the two necessary RC types and give apache a special 
role. If you have not yet put your libs into a separate type, now is the best 
time to do it...

A howto doc is on the way, where such things will probably be explained. 
apache might also make its way into the examples page.

Amon.
--
http://www.rsbac.org

Previous message: [rsbac] 2 questions
Next message: [rsbac] Protecting secoff from malicious root
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]