[rsbac] samba
Arkady A Drovosekov
rsbac@rsbac.org
Mon, 4 Mar 2002 17:28:44 +0500
Hi,
thank you all, the log problem was located in klogd.
But...
samba on the way:
I tried to assign a separate role for the samba daemon (smbd) with rw rights
for only one directory.
I've created a role and made it the forced role for smbd, and assigned an ACL
for the directory to make read/write possible for the new role. I didn't change
the fd_type of this directory, so it is a general fd.
And there is a problem: samba can't access this dir.
In the logs there is a message:
Mar 4 16:23:16 host kernel: rsbac_adf_request(): request GET_STATUS_DATA, caller_pid 4854, caller_prog_name smbd, caller_uid 0, target-type DIR, tid Device 3:8 Inode 68545 Path /home/user/out, attr none, value 0, result NOT_GRANTED by ACL
If I change the ACL mask (add RW requests) for /home/user/out, then smbd
works successfully.
Why?
roles, rights and masks:
attr_get_file_dir FILE /usr/sbin/smbd rc_force_role
3
acl_rights -l 3 -p FD /home/user/out/
acl_rights: Role 3
/home/user/out/ : 000000000000000110100000011011010010111111110110100
APPEND_OPEN
CHANGE_OWNER
CHDIR
CLOSE
CREATE
DELETE
EXECUTE
GET_PERMISSIONS_DATA
GET_STATUS_DATA
LINK_HARD
MODIFY_ACCESS_DATA
MODIFY_PERMISSIONS_DATA
READ
READ_WRITE_OPEN
READ_OPEN
RENAME
SEARCH
TRUNCATE
WRITE
WRITE_OPEN
acl_mask FD /home/user/out/
/home/user/out/: 000000000000000000000000000000000000000000000000000
acl_mask FD /home/user/
/home/user/: 111000000000000111111111111111111111111111111111111
--
Best regards,
Arkady