[rsbac] Best Practice
Joerg Weber
j.weber at infos.de
Mon Jul 7 16:48:01 MEST 2003
Hello again,

I'm afraid this is a basic question - I'm trying to get a feeling for how
to do things best with RSBAC.
Therefore, I'd like to hear your opinions on the following basic
example:

Configuring tail to have the MAP_EXE, SEARCH, READ_OPEN and
GET_STATUS_DATA (plus others I forgot :>) rights.

I thought about creating a RC TYPE called exec_type, then creating a RC
ROLE exec_role with the mentioned rights. Then I'd assign the type via

    attr_set_fd RC FD rc_type_fd <number-from-exec_type> /usr/bin/tail

Now, tail itself needs several libraries to run properly, so I attr_set
them to the same type.
I realize that sooner or later I'll run into severe management problems
using this approach.

Is there a best practice for managing this type of problem with the RC
model? Or is the ACL model more appropriate for this type of problem?
As I said, I'm in the development/learning phase and open to any and all
suggestions.

Thanks a lot,
Joerg
--
Joerg Weber
Network Security
infoServe GmbH
Nell-Breuning-Allee 6
D-66115 Saarbruecken
T: (0681) 8 80 08 - 0
F: (0681) 8 80 08 - 59
www.infos.de
E: j.weber at infos.de
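
The labelling step described in the message above (the binary plus every library it loads, all set to one RC type), as an added example that is not part of the original post or of RSBAC: it turns ldd output into the attr_set_fd commands in the form the post uses and prints them without running them. The function name rc_label_cmds, the type id 7 and the sample ldd output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. It only prints commands.
# Real use: ldd /usr/bin/tail | rc_label_cmds <number-from-exec_type> /usr/bin/tail

# Constructed ldd output; the last entry shows an unresolved dependency.
SAMPLE_LDD='	linux-gate.so.1 (0xffffe000)
	libm.so.6 => /lib/libm.so.6 (0x40020000)
	libc.so.6 => /lib/libc.so.6 (0x40042000)
	/lib/ld-linux.so.2 (0x40000000)
	libmissing.so.1 => not found'

# rc_label_cmds TYPE_ID BINARY   (hypothetical helper; reads ldd output on stdin)
rc_label_cmds() {
    type_id=$1
    binary=$2
    # rc_type_fd is given the number of the RC type, so reject anything else.
    case $type_id in
        ''|*[!0-9]*) echo "type id must be numeric: '$type_id'" >&2; return 1 ;;
    esac
    case $binary in
        /*) ;;
        *) echo "binary must be an absolute path: '$binary'" >&2; return 1 ;;
    esac
    printf 'attr_set_fd RC FD rc_type_fd %s %s\n' "$type_id" "$binary"
    awk '
        $2 == "=>" && $3 ~ /^\//  { print $3; next }   # name => /path (addr)
        $2 == "=>" && $3 == "not" { print "unresolved: " $1 > "/dev/stderr"; next }
        $1 ~ /^\//                { print $1 }         # /path (addr), e.g. the loader
        # other lines (linux-gate.so.1, "statically linked") name no file to label
    ' | LC_ALL=C sort -u | while IFS= read -r lib; do
        printf 'attr_set_fd RC FD rc_type_fd %s %s\n' "$type_id" "$lib"
    done
}

# Demo with the constructed sample and a constructed type id of 7.
printf '%s\n' "$SAMPLE_LDD" | rc_label_cmds 7 /usr/bin/tail
```

Reviewing the printed list before applying it shows how many shared files end up carrying the one type, which is the management question the post raises.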