[rsbac] Login process
Amon Ott
ao at rsbac.org
Tue Feb 22 17:29:31 CET 2005
On Tuesday 22 February 2005 17:14, Juan Espino wrote:
> In a normal Linux I understand (maybe I'm wrong) in a login process
> the system checks /etc/passwd to authenticate the users. This
> means that then a normal user happens to be root to be able to read
> the file passwd to authenticate him.

The login program runs with higher privileges. It only setuids to the
uid after authentication.

> My question is what happens in Linux with rsbac. For example I think
> the file passwd must have the most sensitive label (e.g. TOP
> SECRET), then what happens if a user with a label NO CLASSIFIED logs
> into the system, how does the system check the identity of this user?

The same: The login program runs with high privileges, setuids and
thus loses the extra privileges.
BTW, /etc/passwd must be readable for all users. The more interesting
file is /etc/shadow, which contains the passwords.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
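
The order of operations described in the reply above (stay privileged while authenticating, then setuid to the user and lose the extra privileges), as an added C example that is not part of the original message or of RSBAC's code. The function name drop_privileges and the use of the invoking user's own uid/gid as the target account are assumptions made for illustration.

```c
/* Added example: how a login-style program gives up root after
 * authentication. Not taken from login(1) or from RSBAC. */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch the process to uid/gid.
 * Returns 0 on success, -1 on failure. A caller must treat -1 as fatal
 * and exit instead of starting the user's shell. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups first: only a privileged process may change
     * them, so this must happen while we are still root. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;
    /* Group before user: once the uid is dropped, setgid() to an
     * arbitrary group would no longer be permitted. */
    if (setgid(gid) != 0)
        return -1;
    /* Called as root, setuid() replaces real, effective and saved uid. */
    if (setuid(uid) != 0)
        return -1;
    /* Check the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    /* Assumption: the password check against /etc/shadow has already
     * succeeded while privileged. The target account here is simply
     * the invoking user, so the program also runs without root. */
    uid_t uid = getuid();
    gid_t gid = getgid();

    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("running as uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```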