[rsbac] ACLs / acl_grant Problem ff...

jochem_ippers at email.de jochem_ippers at email.de
Tue Jan 17 12:18:21 CET 2006


Hi Amon,
sorry, a little bit 'hektisch' here at the time. I have to install some irc program first, never used it before. :-)
But here is the output of the two commands:

acl_rights -p FD :DEFAULT:
:DEFAULT:          : 00000000010000000000001110100000011011010010111111110110100
  APPEND_OPEN
  CHANGE_OWNER
  CHDIR
  CLOSE
  CREATE
  DELETE
  EXECUTE
  GET_PERMISSIONS_DATA
  GET_STATUS_DATA
  LINK_HARD
  MODIFY_ACCESS_DATA
  MODIFY_PERMISSIONS_DATA
  READ
  READ_WRITE_OPEN
  READ_OPEN
  RENAME
  SEARCH
  TRUNCATE
  WRITE
  WRITE_OPEN
  MAP_EXEC
  LOCK
acl_tlist -p FD :DEFAULT:
:DEFAULT:: 1 entries
  GROUP 0:      00000000010000000000001110100000011011010010111111110110100
    APPEND_OPEN
    CHANGE_OWNER
    CHDIR
    CLOSE
    CREATE
    DELETE
    EXECUTE
    GET_PERMISSIONS_DATA
    GET_STATUS_DATA
    LINK_HARD
    MODIFY_ACCESS_DATA
    MODIFY_PERMISSIONS_DATA
    READ
    READ_WRITE_OPEN
    READ_OPEN
    RENAME
    SEARCH
    TRUNCATE
    WRITE
    WRITE_OPEN
    MAP_EXEC
    LOCK

So, no SUPERVISOR rights in here, and also there was never any log message which said rsbac* GRANTED something, it was always NOT GRANTED. Hmm, as far as I remember the system froze once on first boot (because of an initrd), maybe that's the reason for these problems. Is there some way to initialize the system again from zero? Or would I have to install the OS from scratch?
Jochem


RSBAC Discussion and Announcements <rsbac at rsbac.org> wrote on 17.01.06 09:52:54:
> 
> Hi Jochem!
> 
> On Monday 16 January 2006 20:18, jochem_ippers at email.de wrote:
> > I tried a lot to set masks / ACLs on files and directories, but I
> > can't even set anything when secoff is the owner of the
> > directory/file. No matter what I do, the answer is always: operation
> > not permitted. Isn't the secoff the supervisor of the whole system?
> > Do I have to prepare him or the devices or the filesystem somehow
> > (unix and rsbac layer, before and after installation)? I would like
> > to turn off the unix rights system for a subtree but of course:
> > operation not permitted.
> 
> It used to work well straight out of the box, and as far as I can see 
> it still does here. I fear that somehow your secoff lost the 
> SUPERVISOR right at :DEFAULT:.
> 
> Try "acl_rights -p FD :DEFAULT:" or "acl_tlist -p FD :DEFAULT:" to see 
> the current rights.
> 
> > Does anyone have a short first-steps description for rsbac or
> > anything like this? I'm sorry for these questions, but there is
> > hardly any documentation about 'first steps/problems' or for typical
> > usage procedures. And I would like to show rsbac to my boss in the
> > next days :-).
> 
> Can you come into the chat #rsbac at irc.debian.org? There we could go 
> through this more interactively.
> 
> Amon.
> -- 
> http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac
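
An added example, not part of the original message or of the RSBAC tools: a Python parser for `acl_tlist`-style text that reports whether any subject holds SUPERVISOR at the target, the condition suspected in the quoted reply. It assumes the line layout shown in the message; the `INTACT` sample, including its `USER 400` entry and mask, is constructed for illustration.

```python
import re

# Constructed input: the acl_tlist output from the message above, right list shortened.
REPORTED = """\
:DEFAULT:: 1 entries
  GROUP 0:      00000000010000000000001110100000011011010010111111110110100
    APPEND_OPEN
    CHANGE_OWNER
    READ
    WRITE
"""

# Constructed input: hypothetical intact default ACL. The "USER 400" line and
# the all-ones mask are assumptions for illustration, not captured tool output.
INTACT = REPORTED.replace("1 entries", "2 entries") + (
    "  USER 400:     " + "1" * 59 + "\n    SUPERVISOR\n    READ\n")

HEADER = re.compile(r"^(\S+): (\d+) entries\s*$")
ENTRY = re.compile(r"^\s+([A-Z]+)\s+(\S+):\s+([01]+)\s*$")
RIGHT = re.compile(r"^\s+([A-Z_]+)\s*$")

def parse_tlist(text):
    """Return (target, declared_count, entries) from acl_tlist-style text."""
    target, declared, entries = None, 0, []
    for line in text.splitlines():
        if m := HEADER.match(line):
            target, declared = m.group(1), int(m.group(2))
        elif m := ENTRY.match(line):
            entries.append({"subject": (m.group(1), m.group(2)),
                            "mask": m.group(3), "rights": set()})
        elif (m := RIGHT.match(line)) and entries:
            entries[-1]["rights"].add(m.group(1))
    return target, declared, entries

def supervisor_findings(text):
    """Return (findings, holders): problems found and subjects with SUPERVISOR."""
    target, declared, entries = parse_tlist(text)
    findings = []
    if len(entries) != declared:  # truncated or misparsed listing
        findings.append(f"{target}: header declares {declared} entries, parsed {len(entries)}")
    holders = [e["subject"] for e in entries if "SUPERVISOR" in e["rights"]]
    if not holders:
        findings.append(f"{target}: no subject holds SUPERVISOR")
    return findings, holders

if __name__ == "__main__":
    for name, text in (("reported", REPORTED), ("intact", INTACT)):
        print(name, supervisor_findings(text))
```
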