[rsbac] auth_set_cap

Jens Kasten jens at kasten-edv.de
Tue Jan 23 02:32:56 CET 2007

thanks for explaining.
now i have found what i was searching.
from my logging example 

/* request  CHANGE_DAC_FS_OWNER, pid 16017, ppid 1, 
 prog_name master, prog_file /usr/lib/postfix/master,
  uid 0, remote ip, target_type PROCESS, 
  tid 16017, attr owner, value 103, result NOT_GRANTED (Softmode) by AUTH  */

i was always going with rsbac_fd_menu to /usr/lib/postfix/master and add there 
by AUTH FS Cababilities the value 103.

now iam doing map this request

const char *suche_change[] = {
const char *setze_change[] = {
		"",    "-f" , "-e",
		"-g",  "-F",  "-E"

and can instert this as the request and have  this for set up.

auth_set_cap {request} FILE add {prog_file} {value}

and its work like how iam doing it from the rsbac_menu. :)
one question i have, must i really restart the services after setup this?
i ask because when i set up it, then it disappears from the log.
this looks a bit more complicatet, because the security-user has no rights for 
restarting the services and from the log-file i get not the real programname 
which must restart. 


More information about the rsbac mailing list