[rsbac] ssh rc-role
jens
jens at igraltist.dyndns.org
Tue Aug 15 19:58:11 CEST 2006
hi liste
i have a problem with my ssh.
the follow situation i have.
i give the sshd a initial rc-role and force role.
now when i will offer the root password for the ssh access i get the the
ssh-force-rc-role has access to the directory /security for manage the rsbac
over ssh. now the same ssh-force-rc-role give the root-user the entry.
and the root user get all rights for the /security directory like the
security-user. and this directory is the only where i give the
ssh-force-rc-role acces to write etc. . now the root-user which come with the
ssh-force-rc-role into the system get also all this rights there.
there the rc-type not differ betwen the users, because the ssh-force-role ask
for access.
for this situation i need an other model to protect this directory.
there is no problem if i do with direct keyboard access to the machine,
because then the rc-role 2 has no access the the rc-type from /security.
but when i will do over ssh is it a problem.
sincerly
igraltist
More information about the rsbac
mailing list