[rsbac] role set ff flags?

Amon Ott rsbac@rsbac.org
Wed Nov 27 16:00:01 2002

On Wednesday, 27. November 2002 15:10, Josh Beagley wrote:
> I am currently A slackware user, and and ideally wanted to have my /var
> directories except run and some others set to no_delete_or_rename and 
> no_execute with ff_flags. However the slackware install programs need write
> access whenever I choose to install/uninstall packages. Is it possible for
> a role to set/unset FF flags?

The FF model requires a user with FF role set to Security Officer to (un)set 

What is the problem here? You can do everything with and inside the dir, 
except rename or delete the dir itself. If the installer needs to run 
programs somewhere below, then you need another solution.