[rsbac] can't permit execute with FF for "power users"

Orosz Tamás Tamas.Orosz at groupama.hu
Mon Sep 25 13:42:44 CEST 2006

Dear List,

I1d like to use FF module to permit execute in some dirs, buti t works only for „dummies”:

secoff at pingtomi:~$ attr_get_fd FF DIR  ff_flags /tmp/
/tmp/: Returned value: 672

The /tmp contains one simple file:

pingtomi at pingtomi:/tmp$ cat x.sh
ls –l

Dummy user does: 

pingtomi at pingtomi:/tmp$ ./x.sh
-bash: ./x.sh: /bin/sh: bad interpreter: Operation not permitted

This is fine ☺

Power user:

pingtomi at pingtomi:/tmp$ sh x.sh

total 64
-rw------- 1 root     root       625 2006-09-25 06:25 file2Go3kb
-rw------- 1 root     root       626 2006-09-24 06:25 fileDZCLR0
-rwxrwxrwx 1 secoff   secoff      16 2006-09-22 15:35 x.sh

This is wrong for me ☹

Any ideas?

More information about the rsbac mailing list