[rsbac] / in ramdisk

[Bencsath Boldizsar]

check our 'sniffix' live cd, it is based on knoppix, so it is a cd and
ramdisk based distribution, it loads in softmode, a small script
initializes rsbac and sets the basic privileges, and after that it turns
off softmode. So the students can set all the other permissions by hand,
and if they fail, just reboot the cd...
on the other hand, if you want to save these settings, just backup_all
them to a hdd and load it by hand or by the cd...

it is no use to manually modify/use rsbac.dat etc. files as they contain
INODE based information and you definitely want use PATH based information
(e.g. backup_all )

boldizsar


--------------------------------
Bencsath Boldizsar
boldi at mail2003.etl.hu
--------------------------------

On Thu, 9 Sep 2004, Martin Heyer wrote:

> Is there a place (except the sources :) where the function of those rsbac.dat
> directories is explained? <long explaination> I just set up a system with /
> in a ramdisk and a hdd mounted  somewhere in there. The problem is that rsbac
> "forgets" its config in /rsbac.dat for obvious reason. There is no way of
> making and playing in a copy because this dir is protected. Now I wrote a
> startscript with all necessary rsbac configuraion. Now it just has to be
> started.
> I wrote a small suid-wrapper that is suid 400 and starts the skript, which
> can't be starded twice (checks this). Of course all this lies on the harddisk
> in /hdd/...</long explaination>
> The final step was setting the auth_may_suid on this wrapper.
> IMHO this would be saved in /rsbac.dat so that it can be re-read on startup.
> But somehow rsbac also forgets this bit on reboot.
> Could it be that parts of the config in /hdd/...
> are kept in /rsbac.dat instead of /hdd/rsbac.dat? (and get lost on reboot)
>
> Thank you,
> Martin
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac
>
>