[rsbac] "add inherited" file flag confusion

Amon Ott ao at rsbac.org
Fri Jul 11 23:54:00 MEST 2003

On Samstag, 12. Juli 2003 20:19, Chirag P wrote:
> I guess I am struggling with
> 1.  How to correctly use this flag and the uses of
> this flag?
> 2.  Advantages of this flag (or removing this flag,
> since it is on by default)?
> For example if I have the following directory
> structure:
> grandparent_dir/parent_a/child_a
> grandparent_dir/parent_b/child_b
> and if I assign the following flags
> grandparent_dir = secure_delete
> parent_a = add_inheritance, no_execute
> child_a = add_inheritance
> child_a's effective flags become secure_delete, no
> execute
> parent_b = write_only <no add_inheritance>
> child_b = add_inheritance
> child_b's effective flags become write_only (it lost
> secure_delete from it's grandparent).
> Am I understanding this wrong?  Are there any cases

You understood correctly.

> where we might need to remove the "add_inherited" flag
> from a file or dir?

Just look at your own example: If you need a flag to be off at a subdir, which 
is on at the parent.

> Is this just a way of providing "more" fine granular
> control, if one really needs it?

This is a way to see it.


More information about the rsbac mailing list