[rsbac] auth_set_cap
Amon Ott
ao at rsbac.org
Tue Jan 23 09:38:19 CET 2007
On Dienstag 23 Januar 2007 02:32, Jens Kasten wrote:
> /* request CHANGE_DAC_FS_OWNER, pid 16017, ppid 1,
> prog_name master, prog_file /usr/lib/postfix/master,
> uid 0, remote ip 192.168.1.5, target_type PROCESS,
> tid 16017, attr owner, value 103, result NOT_GRANTED (Softmode) by
AUTH */
> one question i have, must i really restart the services after setup
this?
> i ask because when i set up it, then it disappears from the log.
> this looks a bit more complicatet, because the security-user has no
rights for
> restarting the services and from the log-file i get not the real
programname
> which must restart.
In addition to setting the cap at the program, just
auth_set_cap PROCESS add 16017 103
This is what AUTH learning mode does: Set the cap for both program
file and process.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list