[rsbac] "add inherited" file flag confusion
Amon Ott
ao at rsbac.org
Fri Jul 11 23:54:00 MEST 2003
On Saturday, 12 July 2003 20:19, Chirag P wrote:
> I guess I am struggling with
> 1. How to correctly use this flag and the uses of
> this flag?
> 2. Advantages of this flag (or removing this flag,
> since it is on by default)?
>
> For example if I have the following directory
> structure:
> grandparent_dir/parent_a/child_a
> grandparent_dir/parent_b/child_b
>
> and if I assign the following flags
>
> grandparent_dir = secure_delete
> parent_a = add_inheritance, no_execute
> child_a = add_inheritance
>
> child_a's effective flags become secure_delete, no
> execute
>
> parent_b = write_only <no add_inheritance>
> child_b = add_inheritance
>
> child_b's effective flags become write_only (it lost
> secure_delete from its grandparent).
>
> Am I understanding this wrong? Are there any cases

You understood correctly.

> where we might need to remove the "add_inherited" flag
> from a file or dir?

Just look at your own example: If you need a flag to be off at a subdir, which
is on at the parent.

> Is this just a way of providing "more" fine granular
> control, if one really needs it?

This is a way to see it.

--
Amon.
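
Added example, not part of the original message and not RSBAC code: a small Python model of the inheritance rule confirmed in this thread, run over the directory tree from the question, plus a check for ancestor flags that are silently dropped where the chain is broken. The function names and the `add_inherited` spelling are assumptions for illustration; unlisted paths are treated as having the flag set, following the question's statement that it is on by default.

```python
# Added illustration of the rule discussed in this thread; not RSBAC source.
ADD_INHERITED = "add_inherited"  # spelling assumed from the subject line

# Constructed sample: the tree and flag assignments from the question.
ASSIGNED = {
    "grandparent_dir": {"secure_delete"},
    "grandparent_dir/parent_a": {ADD_INHERITED, "no_execute"},
    "grandparent_dir/parent_a/child_a": {ADD_INHERITED},
    "grandparent_dir/parent_b": {"write_only"},  # no add_inherited here
    "grandparent_dir/parent_b/child_b": {ADD_INHERITED},
}


def own_flags(path, assigned):
    """Flags set directly on path; unlisted paths default to add_inherited."""
    return set(assigned.get(path, {ADD_INHERITED}))


def effective_flags(path, assigned=ASSIGNED):
    """Own flags, plus the parent's effective flags if add_inherited is set."""
    own = own_flags(path, assigned)
    if ADD_INHERITED not in own:
        return own  # the inheritance chain stops at this object
    own.discard(ADD_INHERITED)
    parent, sep, _ = path.rpartition("/")
    if not sep:
        return own  # top of the modelled tree
    return own | effective_flags(parent, assigned)


def lost_from_ancestors(path, assigned=ASSIGNED):
    """Flags set on some ancestor that are not effective on path."""
    seen = set()
    parent = path.rpartition("/")[0]
    while parent:
        seen |= own_flags(parent, assigned) - {ADD_INHERITED}
        parent = parent.rpartition("/")[0]
    return seen - effective_flags(path, assigned)


if __name__ == "__main__":
    for p in sorted(ASSIGNED):
        print(p, sorted(effective_flags(p)), "lost:", sorted(lost_from_ancestors(p)))
```

Running `lost_from_ancestors` over a whole tree is a quick way to find where a protective flag such as secure_delete stops applying because an intermediate directory lacks the inheritance flag.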