[rsbac] ACLs and Samba
Amon Ott
ao at rsbac.org
Wed Apr 30 10:46:25 MEST 2003
On Tuesday, 29. April 2003 18:10, Alexander E. Cuttergo wrote:
> On Tuesday, 29 Apr 2003 16:26:33 +0200, Amon Ott wrote:
> >> Ok. As I understand the standard Unix users and special ACL groups
> >> can be subjects for ACLs but not the standard Unix groups. Is that
> >> correct and what is the reason for this?
> >
> > It is correct.
> >
> > The reason is that the standard Unix group administration is insecure: It
> > usually only depends on an uncontrolled editing of a file (/etc/group), and
> > the superuser root can assign any group to a process.
> Wait a second.
> If "uids administration" is to be secure, then it must not "depends on an
> uncontrolled editing of a file", /etc/passwd and /etc/shadow in this case. If
> RSBAC provides workarounds against modifying /etc/passwd (or any other user
> database), then the same tricks can be used to protect /etc/group, correct?
> If it is not done yet, it is an effect of lack of time, I guess.
They could, but that is not sufficient.
> > Additionally, the ACL groups can be private or global, each user can have an
> > individual set of them and there is no limit on the number of groups a user
> > can be in at the same time.
> Sorry, I don't get it. How does the above sentence relate to the infeasibility
> of providing ACLs for Unix groups?
On the contrary, it is quite easy to do. My main point here was that ACL groups
are much more powerful and flexible, and they allow for separation of duty by
design, etc.
Linux groups have been treated as 'mostly out of scope' for RSBAC until now.
This means that there is no way to control which groups a process may acquire
and which ones not.
You see, the problem is that a process can select the set of active Linux
groups, while ACL groups are completely mandatory.
Let's state it this way: If you'd like to see Linux groups as ACL subjects, I
will add them as an option. Together with this, I will have to recheck
whether all group changes for processes are properly controlled and add group
change checks to the AUTH module.
The easier way (for me at least) would be if you:
- Set up your Linux groups and rights as you desire
- Run linux2acl on your Samba dir tree to get them automatically converted to
  ACL groups and rights settings
- Apply the script produced by linux2acl
- (Optionally) turn off Linux control for the Samba dir tree with the
  linux_dac_disable attribute on the dir
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
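
Added example (not part of the original message and not RSBAC code): the point above that a process's active Linux groups are chosen at runtime rather than fixed by /etc/group can be audited by comparing the Gid: and Groups: lines of /proc/<pid>/status with the user databases. The function names and the sample passwd, group and status text are constructed for illustration.

```python
# Added illustration. All sample data is constructed, not taken from a real host.
SAMPLE_PASSWD = "alice:x:1000:100:Alice:/home/alice:/bin/sh\n"
SAMPLE_GROUP = (
    "users:x:100:\n"
    "smbshare:x:2001:alice,bob\n"
    "smbadmin:x:2002:carol\n"
)
# Shape of /proc/<pid>/status for a process running as alice whose group list
# was set explicitly by a privileged parent (constructed).
SAMPLE_STATUS = (
    "Name:\tsmbd\n"
    "Uid:\t1000\t1000\t1000\t1000\n"
    "Gid:\t100\t100\t100\t100\n"
    "Groups:\t100 2002\n"
)

def parse_status(text):
    """Return (real uid, set of all gids the process currently holds)."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip()] = value.split()
    uid = int(fields["Uid"][0])
    # Gid: holds real/effective/saved/fs gids, Groups: the supplementary list.
    gids = {int(g) for g in fields["Gid"] + fields.get("Groups", [])}
    return uid, gids

def database_groups(uid, passwd_text, group_text):
    """Groups the databases assign to uid: primary gid plus /etc/group memberships."""
    name = primary = None
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 4 and parts[2] == str(uid):
            name, primary = parts[0], int(parts[3])
            break
    if name is None:
        return set()
    gids = {primary}
    for line in group_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 4 and name in parts[3].split(","):
            gids.add(int(parts[2]))
    return gids

def group_drift(status_text, passwd_text, group_text):
    """Compare a process's active groups with what the databases would grant."""
    uid, active = parse_status(status_text)
    expected = database_groups(uid, passwd_text, group_text)
    return {"extra": sorted(active - expected), "missing": sorted(expected - active)}
```

On the constructed sample the process holds gid 2002 although /etc/group does not list alice there, and lacks gid 2001 although it does.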