[rsbac] rsbac and ntpd

Arkady A Drovosekov drawa at suct.uu.ru
Fri Jan 20 05:15:17 CET 2006


On Thu, Jan 19, 2006 at 05:10:46PM +0100, jochem_ippers at email.de wrote:
> Thank you very much! The rpm is great, because there are a lot of 
> examples how to use/configure rsbac, and that's really helpful for a 
> beginner. I just got ntp working (in a chroot jail) by giving the user 
> 'ntp' ACL rights (on SCD: capabilities, clock, time_strucs) and the RC 
> Role System_Admin, but I guess, that's not the most secure configuration 
> ;-) so I will try your solution soon.
You can add something like that (I know it's not perfect) and start ntpd as an
ordinary user:
attr_set_file_dir -a CAP FILE /usr/sbin/ntpd min_caps NET_BIND_SERVICE SYS_TIME
attr_set_file_dir FILE /usr/sbin/ntpd fake_root_uid 3

Sure, you need the correct access rights for the jail dir.
-- 
Best regards,
Arkady

