[rsbac] granting syslog-ng the right to access /proc/rsbac-info/rmsg

Sven Seeland sven.seeland at gmx.de
Wed Jul 18 21:23:43 CEST 2007

Hm, however if I change root's roles to auditor he isn't Administrator any more. 
Does that remove any rights that root might have? I can't find any documentation 
about AUTH and FF roles anywhere so I don't know what they do. I also couldn't 
find out where or if you can define your own roles or anything like that. I just 
know where to set them.

Thanks a lot,

Amon Ott schrieb:
> On Wednesday 18 July 2007 09:34, Sven Seeland wrote:
>>> Your "start a seperate syslog under secoff credentials" is WRONG
>>> IDEA! In properly configured RSBAC no daemons must run with
>>> secoff privileges. You should use RC model and should create role
>>> for init and grant appropriate premissions to this role.
>> that's my thinking exactly. However, running syslog-ng under secoff
>> credentials is the way it is officially documented on the RSBAC
>> website
>> (http://www.rsbac.org/documentation/rsbac_handbook/configuration_ba
>> sics/administration_examples/syslog-ng)
>> And if I just have syslog-ng (which has it's own RC role, by the
>> way) access /proc/rsbac-info/rmsg I get errors from RC, AUTH *and*
>> FF. Now, fixing the RC part is easy. But how do I fix AUTH and FF?
>> I couldn't figure it out for the life of me.
> AUTH and FF have hardcoded protection for RSBAC log. You can change 
> root's FF and AUTH roles to auditor, this is the designated role and 
> does not grant further rights.
> Amon.

More information about the rsbac mailing list