[rsbac] Best Practice

Joerg Weber j.weber at infos.de
Mon Jul 7 16:48:01 MEST 2003

Hello again,

I'm afraid this is a basic question- I'm trying to get a feeling for how
to do things best with RSBAC.
Therefore, I'd like to hear your opinions on the following basic
Configuring tail to have the MAP_EXE, SEARCH, READ_OPEN and
GET_STATUS_DATA (plus others I forgot :>) rights.
I thought about creating a RC TYPE called exec_type, then creating a RC
ROLE exec_role with the mentioned rights. Then I'd assign the type via

attr_set_fd RC FD rc_type_fd <number-from-exec_type> /usr/bin/tail

Now, tail itself needs several libraries to run properly, so I attr_set
them to the same type.
I realize that sooner or later I'll run into severe management problems
using this approach.

Is there a best practice for managing this type of problem with the RC
model? Or is the ACL model more appropriate for this type of problem?

As I said, I'm in the development/learning phase and open to any and all

Thanks alot,


Joerg Weber
Network Security

infoServe GmbH
Nell-Breuning-Allee 6
D-66115 Saarbruecken

T: (0681) 8 80 08 - 0
F: (0681) 8 80 08 - 59
E: j.weber at infos.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://gateway.compuniverse.de/pipermail/rsbac/attachments/20030707/e43280c9/attachment.bin

More information about the rsbac mailing list