[rsbac] RC Boot Role
Chirag Pandya
cpandya at gmail.com
Wed Jan 25 20:16:31 CET 2006
Hello All,
I'm trying to understand the "RC Boot Role" more carefully so that I
can prevent root from adding/editing init scripts.
Here is my understanding so far:
1. Set /etc/init.d type to something other than 2 (System Admin).
Let's say I set it to type 999999
2. Allow ROLE 999999 to read and run objects of type 999999
3. Set ROLE 2's compatibility with type 999999 to include no WRITE/EDIT rights.
4. Set boot_role = 1 for ROLE 999999 and boot_role = 0 for ROLE 2.
Is this the intended use of this role?
Thanks,
Chirag
More information about the rsbac
mailing list