[rsbac] can't permit execute with FF for "power users"
Orosz Tamás
Tamas.Orosz at groupama.hu
Mon Sep 25 13:42:44 CEST 2006
Dear List,
I1d like to use FF module to permit execute in some dirs, buti t works only for „dummies”:
secoff at pingtomi:~$ attr_get_fd FF DIR ff_flags /tmp/
/tmp/: Returned value: 672
The /tmp contains one simple file:
pingtomi at pingtomi:/tmp$ cat x.sh
#!/bin/sh
ls –l
Dummy user does:
pingtomi at pingtomi:/tmp$ ./x.sh
-bash: ./x.sh: /bin/sh: bad interpreter: Operation not permitted
This is fine ☺
Power user:
pingtomi at pingtomi:/tmp$ sh x.sh
total 64
-rw------- 1 root root 625 2006-09-25 06:25 file2Go3kb
-rw------- 1 root root 626 2006-09-24 06:25 fileDZCLR0
…
…
-rwxrwxrwx 1 secoff secoff 16 2006-09-22 15:35 x.sh
This is wrong for me ☹
Any ideas?
More information about the rsbac
mailing list