[rsbac] auth_set_cap

Amon Ott ao at rsbac.org
Tue Jan 23 09:38:19 CET 2007

On Dienstag 23 Januar 2007 02:32, Jens Kasten wrote:
> /* request  CHANGE_DAC_FS_OWNER, pid 16017, ppid 1, 
>  prog_name master, prog_file /usr/lib/postfix/master,
>   uid 0, remote ip, target_type PROCESS, 
>   tid 16017, attr owner, value 103, result NOT_GRANTED (Softmode) by 
AUTH  */

> one question i have, must i really restart the services after setup 
> i ask because when i set up it, then it disappears from the log.
> this looks a bit more complicatet, because the security-user has no 
rights for 
> restarting the services and from the log-file i get not the real 
> which must restart. 

In addition to setting the cap at the program, just
auth_set_cap PROCESS add 16017 103

This is what AUTH learning mode does: Set the cap for both program 
file and process.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list