[rsbac] weird question...
Andrea Pasquinucci
cesare at ucci.it
Tue Sep 6 15:18:11 CEST 2005
I have various questions to ask in this and following messages. I start
from the most difficult. I would like to have a directory where:

- one particular Role can create files and write in them
- once created and written the first time, the file cannot be modified
by anyone
- the same Role is able to change the atime and mtime (and ctime) of all
files in this directory

A simple 'almost' solution is obvious: create the directory with
APPEND_ONLY, but this misses the point. After the first 'close' I would
like it not to be possible to modify or append to the file, i.e. immutable.
And I cannot ask secoff to change the attribute of the file, since I am
running in FREEZE mode.

I cannot use a write-only HW device, since I need to change the
timestamps of the files after they have been written.

I have tried to play a little bit with direct IO and RSBAC, but it seems
to me that there is no way out: the best I managed was to call open
with O_WRONLY|O_CREAT|O_EXCL, but of course this does a CREATE (ok with
me) and then also a WRITE_OPEN, which I cannot allow on the file
generically, but only the first time.

Any suggestion? Or should I content myself with APPEND_ONLY and manage
at user level if something is written to the files which should not have
been?
Thanks, Andrea
--
Andrea Pasquinucci cesare at ucci.it
PGP key: http://www.ucci.it/ucci_pub_key.asc
fingerprint = 569B 37F6 45A4 1A17 E06F CCBB CB51 2983 6494 0DA2
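The following C program is an added illustration of the user-space side of the write-once pattern the post asks about; it is not code from the post or from the RSBAC project. It shows what the kernel itself enforces with O_WRONLY|O_CREAT|O_EXCL (the name can be created only once, so the CREATE + WRITE_OPEN pair happens exactly once) and that atime/mtime can afterwards be changed by path with utimensat(), which involves no open for writing at all. What it cannot show is the part the post is stuck on: a later plain write open on the already existing name is a separate decision, left to the mode bits or to the policy layer (RSBAC's WRITE_OPEN), and O_EXCL says nothing about it. The temporary directory, file name, contents and timestamp value are constructed for the demonstration; the demo() helper and its step numbers are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Create the file and write its contents exactly once.
 * O_EXCL makes the kernel refuse the call if the name already exists, so the
 * CREATE + WRITE_OPEN pair the post describes happens only on first use.
 * Mode 0444 leaves the file read-only for later opens by unprivileged users;
 * the descriptor returned by the creating open is still writable.
 * Returns 0 on success, -1 with errno set (EEXIST when the file already exists). */
int write_once(const char *path, const char *data, size_t len)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0444);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, len);
    if (n < 0 || (size_t)n != len) {
        int saved = errno;
        close(fd);
        errno = n < 0 ? saved : EIO;
        return -1;
    }
    return close(fd);
}

/* Set atime and mtime by path. utimensat() needs no descriptor and therefore no
 * open for writing; the caller must own the file (or hold CAP_FOWNER) to set
 * explicit times. ctime cannot be set from user space: the kernel updates it
 * itself as a side effect of this change. */
int set_times(const char *path, time_t atime, time_t mtime)
{
    struct timespec ts[2] = { { atime, 0 }, { mtime, 0 } };
    return utimensat(AT_FDCWD, path, ts, 0);
}

/* Read back the mtime, or (time_t)-1 if the file cannot be stat'ed. */
time_t get_mtime(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? st.st_mtime : (time_t)-1;
}

/* Read back the size, or -1 on error; used to show the refused second
 * create changed nothing. */
long get_size(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1L;
}

/* Run the whole sequence in a fresh temporary directory (constructed sample data).
 * Returns 0 when every step behaves as expected, otherwise the code of the
 * first step that did not. */
int demo(void)
{
    char dir[] = "/tmp/write_once_demo.XXXXXX";   /* hypothetical location */
    if (mkdtemp(dir) == NULL)
        return 1;
    char path[256];
    snprintf(path, sizeof path, "%s/record.log", dir);
    const char msg[] = "first and final content\n";
    const time_t stamp = 1000000000;              /* arbitrary constructed value */
    int rc = 0;

    if (write_once(path, msg, sizeof msg - 1) != 0)
        rc = 2;                                   /* first create+write must succeed */
    else if (write_once(path, "again\n", 6) == 0 || errno != EEXIST)
        rc = 3;                                   /* second create must be refused */
    else if (get_size(path) != (long)(sizeof msg - 1))
        rc = 4;                                   /* contents untouched */
    else if (set_times(path, stamp, stamp) != 0)
        rc = 5;                                   /* timestamps set without a write open */
    else if (get_mtime(path) != stamp)
        rc = 6;

    unlink(path);
    rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = demo();
    printf("demo: %s (step %d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```

Build with `cc -o write_once write_once.c` and run it; exit status 0 means every step behaved as described. The design point worth taking from it is that the timestamp requirement and the immutability requirement do not conflict at the syscall level: ownership of the file is enough for utimensat(), so a policy that forbids WRITE_OPEN after the first close does not by itself block the timestamp changes the post needs.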