[rsbac] secoff readonly DAC disabling
Amon Ott
ao at rsbac.org
Thu Sep 21 14:25:05 CEST 2006
On Donnerstag 21 September 2006 14:14, Andrea Pasquinucci wrote:
> What about having the possibility only for secoff (uid=400) to have
> readonly access to all the filesystem, overriding DAC access
control?
> This could be a compilation or boot parameter.
I use CAP min_cap DAC_READ_SEARCH for secoff, which does exactly this.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list