[rsbac] apt-get wrapper
Jens Kasten
jens at kasten-edv.de
Tue Jun 12 20:22:39 CEST 2007
hi liste,
iam testing in the moment this script.
http://kasten-edv.de/rsbac/update.sh_txt
so far it work. i create a user apt with uid 401 and a rc-role 401.
then the kernel must have enabled fakeroot because the apt-get and the dpkg
need it to set it.
with this apt-user which has the ability to read and modify attributes i can
do an upgrade without do an backup bevor, the script build a directory where
all package wich will be upgraded store the attribute like a normal backup.
the most problem is to find proper value for the apt-user, one time not grant
to much rights and other site it need enough to work.
i choose the uid 401 because for me is normal that the security user has 400,
so i learn it too that he has 401.
the biggest disadvantige for is rsbac to more on desktop or server is the
complicatet backup and usally change to softmode wich mean downtime for
services. so it should be established an user and some scripts for the admin
to easy use of rc on the system. in the moment it is not possible to exchange
a script between some rsbac configuration because everybody is cooking his
one. not bad nobody knows the structure from the rsbac on the system :)
but on other hands the location for apache are on all systems the same, so it
should be possible to share the configuration.
i have to leave otherwise i wrote to much in to much bad english :)
mfg
jens kasten
More information about the rsbac
mailing list