[rsbac] auth_set_cap
Jens Kasten
jens at kasten-edv.de
Tue Jan 23 02:32:56 CET 2007
hi,
thanks for explaining.
now i have found what i was searching.
from my logging example
/* request CHANGE_DAC_FS_OWNER, pid 16017, ppid 1,
prog_name master, prog_file /usr/lib/postfix/master,
uid 0, remote ip 192.168.1.5, target_type PROCESS,
tid 16017, attr owner, value 103, result NOT_GRANTED (Softmode) by AUTH */
i was always going with rsbac_fd_menu to /usr/lib/postfix/master and add there
by AUTH FS Cababilities the value 103.
now iam doing map this request
const char *suche_change[] = {
"CHANGE_OWNER", "CHANGE_DAC_FS_OWNER" , "CHANGE_DAC_EFF_OWNER",
"CHANGE_GROUP", "CHANGE_DAC_FS_GROUP" , "CHANGE_DAC_EFF_GROUP"
};
const char *setze_change[] = {
"", "-f" , "-e",
"-g", "-F", "-E"
};
and can instert this as the request and have this for set up.
auth_set_cap {request} FILE add {prog_file} {value}
and its work like how iam doing it from the rsbac_menu. :)
one question i have, must i really restart the services after setup this?
i ask because when i set up it, then it disappears from the log.
this looks a bit more complicatet, because the security-user has no rights for
restarting the services and from the log-file i get not the real programname
which must restart.
mfg
igraltist
More information about the rsbac
mailing list