[rsbac] secoff has insufficient rights to change RC rules

Amon Ott ao at rsbac.org
Wed Dec 13 09:24:36 CET 2006

On Dienstag 12 Dezember 2006 10:40, Colin Pitrat wrote:
> rc_set_item -a ROLE 0 type_comp_fd 4 GET_STATUS_DATA 1
> but when I use this command with secoff user, I get this answer in 
> rsbac_rc_sys_set_item(): changing type_comp_fd of role 0 denied for 
> 2114, user 400 - insufficent rights!
> Is there something special to do to allow secoff to change rules ? 
Is it 
> better if rules can't be changed but in softmode ?

If secoff's role has admin_type of role_admin, it should be granted. 
This message usually means that either the process has the wrong role 
or the role does not have this setting.

If you do not want to use admin_type, you can instead put role 0 into 
secoff's role's set of administrated roles and give secoff's role 
ACCESS_CONTROL right to type 4.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list