[rsbac] Login process

Amon Ott ao at rsbac.org
Tue Feb 22 17:29:31 CET 2005

On Dienstag 22 Februar 2005 17:14, Juan Espino wrote:
> In a normal Linux I understand (maybe I'm wrong) in a login process 
the system checks /etc/passwd for authenticate the users.   This 
means that then a normal user happens to be root to be able to read 
the file passwd to authenticate him.

The login program runs with higher privileges. It only setuids to the 
uid after authentication.
> My question is what happen in Linux with rsbac.  For example I think 
the file passwd must  be a greatest sensitive label (e.g.  TOP 
SECRET), then what happen if a user with a label NO CLASSIFIED login 
into the system, how the system checks the identity of this user ?

The same: The login program runs with high privileges, setuids and 
thus looses the extra privileges.

BTW, /etc/passwd must be readable for all users. The more interesting 
file is /etc/shadow, which contains the passwords.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list