[rsbac] prohibit tcpip connects with ACL - why don't works?
Pallai Roland
dap at mail.index.hu
Tue Sep 23 02:00:21 MEST 2003
On Mon, 2003-09-22 at 10:14, Amon Ott wrote:
> Do you really want to filter out all rights except CLOSE?
yes, for now..
> The setup looks OK. Could you please try with another ACL entry at the
> template 100100 for user 0? There might be a lurking bug related to role
> rights.
same results.. every connect allowed for everyone..
> Please also try the acl_rights command to get the system's opinion about
> existing rights, and maybe a "Who has rights here?" from the rsbac_acl_menu
> on the template.
Who has rights to NETTEMP 100100:
USER_0 000000011111110010000000000000010000000000110000000
[...]
USER_2229 000000000000000000000000000000000000000000010000000
[...]
vudumen at xxx:~$ id
uid=2229(vudumen) gid=2000 groups=2000
vudumen at xxx:~$ telnet 192.168.0.200 22
Trying 192.168.0.200...
Connected to 192.168.0.200.
[...]
tia,
--
DaP
More information about the rsbac
mailing list