[OBORONA-SPAM] [rsbac] Restricting /etc/passwd & /etc/shadow from
root...
sftf at yandex.ru
sftf at yandex.ru
Mon Mar 27 04:57:12 CEST 2006
Try to read this (2 tried solutions):
http://sftf.narod.ru/rsbac_howto_myway.txt
This will not work:
"If you still want to use /etc/passwd scheme, try using RC model to
protect it. Create and assign a new TYPE to /etc/passwd, /etc/shadow
files. Define compabilities such that root role can only READ these
files. Create a new ROLE that has write permissions to this new TYPE.
Now assign this force role to useradd, usermod ... commands."
More information about the rsbac
mailing list