[rsbac] Válasz: Re: [rsbac] Backup problem

rsbac@rsbac.org rsbac@rsbac.org
Thu Aug 8 14:21:01 2002


This is a multipart message in MIME format.
--=_alternative 0041F7AAC1256C0F_=
Content-Type: text/plain; charset="us-ascii"

On Thursday, 8. August 2002 10:06, ghorvath@minolta.hu wrote:
> I am using 1.2.1-pre1 because when I wanted to update my working config 
> was unable even to start my machine. But this is an other story.
> 1. At me, System Admin role doesn't have access to SCD [network nor 
> firewall] at all. The problem is when I make a backup and restore it, it 

> will have full access.
> 2. The same with NET{DEV,TEMP,OBJ} System Admin role has NO access to 
> these. Contrary to this after a backup/restore it will.

The problem here are the default settings for an unconfigured system.
-----------
Yes I understand this, but why doesn't the backup script save my null 
rights into the file, and then the restore process should overwrite the 
default settings? Like with SCD [host_id]?
-----------

I have just added a new kernel boot option rsbac_no_defaults, which 
suppresses any automatic setups. If you use this with rsbac_softmode (and 
no 
maint kernel), you should also use rsbac_nosyslog - otherwise your screen 
will be flooded with errors.

You find this in the 2.4.19-v1.2.1 dir on the rsync server.
------------
Thanks I will check it in a few minutes.
------------

> 3. By the way, after a backup in the backup file I will find 
> "attr_set_file_dir //etc/.." instead of "attr_set_file_dir FD //etc/..". 
I 
> have to make the changes by hand (I have a small script for it :-). Is 
> this normal or it is not but it is corrected in a later version?

It should work nevertheless, because FD is the default target and gets 
used 
when missing. Will correct this.
-------------
Unfortunately it doesn't work. At least not with 1.2.1-pre1. Right now I 
am testing pre4.

As always thank you for the quick help. 

Gabor
-------------

Amon.
--
http://www.rsbac.org

--=_alternative 0041F7AAC1256C0F_=
Content-Type: text/html; charset="us-ascii"


<br><font size=2 face="Courier New">On Thursday, 8. August 2002 10:06, ghorvath@minolta.hu wrote:<br>
&gt; I am using 1.2.1-pre1 because when I wanted to update my working config <br>
&gt; was unable even to start my machine. But this is an other story.<br>
&gt; 1. At me, System Admin role doesn't have access to SCD [network nor <br>
&gt; firewall] at all. The problem is when I make a backup and restore it, it <br>
&gt; will have full access.<br>
&gt; 2. The same with NET{DEV,TEMP,OBJ} System Admin role has NO access to <br>
&gt; these. Contrary to this after a backup/restore it will.<br>
<br>
The problem here are the default settings for an unconfigured system.</font>
<br><font size=2 face="Courier New">-----------</font>
<br><font size=2 face="Courier New">Yes I understand this, but why doesn't the backup script save my null rights into the file, and then the restore process should overwrite the default settings? Like with SCD [host_id]?</font>
<br><font size=2 face="Courier New">-----------<br>
<br>
I have just added a new kernel boot option rsbac_no_defaults, which <br>
suppresses any automatic setups. If you use this with rsbac_softmode (and no <br>
maint kernel), you should also use rsbac_nosyslog - otherwise your screen <br>
will be flooded with errors.<br>
<br>
You find this in the 2.4.19-v1.2.1 dir on the rsync server.</font>
<br><font size=2 face="Courier New">------------</font>
<br><font size=2 face="Courier New">Thanks I will check it in a few minutes.</font>
<br><font size=2 face="Courier New">------------<br>
<br>
&gt; 3. By the way, after a backup in the backup file I will find <br>
&gt; &quot;attr_set_file_dir //etc/..&quot; instead of &quot;attr_set_file_dir FD //etc/..&quot;. I <br>
&gt; have to make the changes by hand (I have a small script for it :-). Is <br>
&gt; this normal or it is not but it is corrected in a later version?<br>
<br>
It should work nevertheless, because FD is the default target and gets used <br>
when missing. Will correct this.</font>
<br><font size=2 face="Courier New">-------------</font>
<br><font size=2 face="Courier New">Unfortunately it doesn't work. At least not with 1.2.1-pre1. Right now I am testing pre4.</font>
<br>
<br><font size=2 face="Courier New">As always thank you for the quick help. </font>
<br>
<br><font size=2 face="Courier New">Gabor<br>
-------------</font>
<br><font size=2 face="Courier New"><br>
Amon.<br>
--<br>
http://www.rsbac.org</font>
<br>
--=_alternative 0041F7AAC1256C0F_=--