[rsbac] Válasz: Re: [rsbac] Backup problem
rsbac@rsbac.org
rsbac@rsbac.org
Thu Aug 8 14:21:01 2002
This is a multipart message in MIME format.
--=_alternative 0041F7AAC1256C0F_=
Content-Type: text/plain; charset="us-ascii"
On Thursday, 8. August 2002 10:06, ghorvath@minolta.hu wrote:
> I am using 1.2.1-pre1 because when I wanted to update my working config
> was unable even to start my machine. But this is an other story.
> 1. At me, System Admin role doesn't have access to SCD [network nor
> firewall] at all. The problem is when I make a backup and restore it, it
> will have full access.
> 2. The same with NET{DEV,TEMP,OBJ} System Admin role has NO access to
> these. Contrary to this after a backup/restore it will.
The problem here are the default settings for an unconfigured system.
-----------
Yes I understand this, but why doesn't the backup script save my null
rights into the file, and then the restore process should overwrite the
default settings? Like with SCD [host_id]?
-----------
I have just added a new kernel boot option rsbac_no_defaults, which
suppresses any automatic setups. If you use this with rsbac_softmode (and
no
maint kernel), you should also use rsbac_nosyslog - otherwise your screen
will be flooded with errors.
You find this in the 2.4.19-v1.2.1 dir on the rsync server.
------------
Thanks I will check it in a few minutes.
------------
> 3. By the way, after a backup in the backup file I will find
> "attr_set_file_dir //etc/.." instead of "attr_set_file_dir FD //etc/..".
I
> have to make the changes by hand (I have a small script for it :-). Is
> this normal or it is not but it is corrected in a later version?
It should work nevertheless, because FD is the default target and gets
used
when missing. Will correct this.
-------------
Unfortunately it doesn't work. At least not with 1.2.1-pre1. Right now I
am testing pre4.
As always thank you for the quick help.
Gabor
-------------
Amon.
--
http://www.rsbac.org
--=_alternative 0041F7AAC1256C0F_=
Content-Type: text/html; charset="us-ascii"
<br><font size=2 face="Courier New">On Thursday, 8. August 2002 10:06, ghorvath@minolta.hu wrote:<br>
> I am using 1.2.1-pre1 because when I wanted to update my working config <br>
> was unable even to start my machine. But this is an other story.<br>
> 1. At me, System Admin role doesn't have access to SCD [network nor <br>
> firewall] at all. The problem is when I make a backup and restore it, it <br>
> will have full access.<br>
> 2. The same with NET{DEV,TEMP,OBJ} System Admin role has NO access to <br>
> these. Contrary to this after a backup/restore it will.<br>
<br>
The problem here are the default settings for an unconfigured system.</font>
<br><font size=2 face="Courier New">-----------</font>
<br><font size=2 face="Courier New">Yes I understand this, but why doesn't the backup script save my null rights into the file, and then the restore process should overwrite the default settings? Like with SCD [host_id]?</font>
<br><font size=2 face="Courier New">-----------<br>
<br>
I have just added a new kernel boot option rsbac_no_defaults, which <br>
suppresses any automatic setups. If you use this with rsbac_softmode (and no <br>
maint kernel), you should also use rsbac_nosyslog - otherwise your screen <br>
will be flooded with errors.<br>
<br>
You find this in the 2.4.19-v1.2.1 dir on the rsync server.</font>
<br><font size=2 face="Courier New">------------</font>
<br><font size=2 face="Courier New">Thanks I will check it in a few minutes.</font>
<br><font size=2 face="Courier New">------------<br>
<br>
> 3. By the way, after a backup in the backup file I will find <br>
> "attr_set_file_dir //etc/.." instead of "attr_set_file_dir FD //etc/..". I <br>
> have to make the changes by hand (I have a small script for it :-). Is <br>
> this normal or it is not but it is corrected in a later version?<br>
<br>
It should work nevertheless, because FD is the default target and gets used <br>
when missing. Will correct this.</font>
<br><font size=2 face="Courier New">-------------</font>
<br><font size=2 face="Courier New">Unfortunately it doesn't work. At least not with 1.2.1-pre1. Right now I am testing pre4.</font>
<br>
<br><font size=2 face="Courier New">As always thank you for the quick help. </font>
<br>
<br><font size=2 face="Courier New">Gabor<br>
-------------</font>
<br><font size=2 face="Courier New"><br>
Amon.<br>
--<br>
http://www.rsbac.org</font>
<br>
--=_alternative 0041F7AAC1256C0F_=--