[rsbac] secoff has insufficient rights to change RC rules
Amon Ott
ao at rsbac.org
Wed Dec 13 09:24:36 CET 2006
On Tuesday 12 December 2006 10:40, Colin Pitrat wrote:
> rc_set_item -a ROLE 0 type_comp_fd 4 GET_STATUS_DATA 1
>
> but when I use this command with secoff user, I get this answer in logs:
>
> rsbac_rc_sys_set_item(): changing type_comp_fd of role 0 denied for pid
> 2114, user 400 - insufficent rights!
>
> Is there something special to do to allow secoff to change rules? Is it
> better if rules can't be changed but in softmode?
If secoff's role has admin_type of role_admin, it should be granted.
This message usually means that either the process has the wrong role
or the role does not have this setting.
If you do not want to use admin_type, you can instead put role 0 into
secoff's role's set of administrated roles and give secoff's role
ACCESS_CONTROL right to type 4.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22