[rsbac] ssh rc-role

Amon Ott ao at rsbac.org
Fri Aug 25 09:31:16 CEST 2006

On Donnerstag 24 August 2006 19:09, tazok wrote:
> 2006/8/24, Amon Ott <ao at rsbac.org>:
> > If you use passwords for ssh connection, e.g. also use RSBAC User
> > Management and only allow setuid to authenticated uids.
One more hint: RSBAC 1.3-pre optionally also checks all CHANGE_OWNER 
for a PROCESS against the target USER. So you can combine this with 
RC CHANGE_OWNER right to the user's type or ACLs on the target users.

In the end, your sshd can only setuid to authenticated users of 
certain RC types or with a proper ACL entry for the process owner.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list