[OBORONA-SPAM] [rsbac] Restricting /etc/passwd & /etc/shadow from root...

sftf at yandex.ru sftf at yandex.ru
Mon Mar 27 04:57:12 CEST 2006

Try to read this (2 tried solutions):

This will not work:
"If you still want to use /etc/passwd scheme, try using RC model to
protect it.  Create and assign a new TYPE to /etc/passwd, /etc/shadow
files.  Define compabilities such that root role can only READ these
files.  Create a new ROLE that has write permissions to this new TYPE.
Now assign this force role to useradd, usermod ... commands."

More information about the rsbac mailing list