[rsbac] RC, ACL models questions
sftf at yandex.ru
Wed Apr 28 12:03:33 CEST 2004
Hello!
Could you answer several questions?
1. How can I set up ACL so that it is impossible to delete a DIR, but
the FILEs and DIRs under it can be deleted?
2. How can I set up RC so that it is impossible to delete a DIR, but
the FILEs and DIRs under it can be deleted, if these files/dirs MUST inherit the parent FD type?
(so the parent DIR and all subDIRs and subFILEs are all of one fd-type)
3. With the RC model, the Default FD Create Type may be set to ONE TYPE:
- Inherit_from_process
- Inherit_from_parent
- No_create_allowed
So can ONE USER with ONE ROLE within ONE process create two files
with different fd-types in the SAME directory?
Of course, without implicitly setting the type AFTER file creation.
So files in the process of creation MUST have different types.
For example: useradd, userdel from the shadow suite.
When you add or delete a user, the useradd/userdel program
CREATEs a NEW /etc/passwd, /etc/shadow, so these files inherit their fd-types from
the parent dir or process. But I want /etc to have its own type (sys_etc),
/etc/passwd its own type (auth_userdb) and
/etc/shadow its own type (auth_shadowdb) ALWAYS.
Thank you.
mailto:sftf at yandex.ru