[rsbac] role set ff flags?

Josh Beagley rsbac@rsbac.org
Wed Nov 27 16:21:01 2002


> On Wednesday, 27. November 2002 15:10, Josh Beagley wrote:
> > I am currently A slackware user, and and ideally wanted to have
> my /var > directories except run and some others set to
> no_delete_or_rename and  > no_execute with ff_flags. However the
> slackware install programs need write > access whenever I choose
> to install/uninstall packages. Is it possible for > a role to
> set/unset FF flags?
> 
> The FF model requires a user with FF role set to Security Officer
> to (un)set  flags.
> 
> What is the problem here? You can do everything with and inside
> the dir,  except rename or delete the dir itself. If the
> installer needs to run  programs somewhere below, then you need
> another solution.
> 
> Amon.
> --
> http://www.rsbac.org
> _______________________________________________
> rsbac mailing list
> rsbac@rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac


Apoligies, I also had append_only. The slackware installer keeps track of
instlled packages by writing the package name to /var/adm/packages and
filling it with the location of files. I was wanting to only have it unset
append_only when the installer was run, and unset append_only and
no_delete_or_rename when the uninstaller was run.