[rsbac] apt-get wrapper

Jens Kasten jens at kasten-edv.de
Tue Jun 12 20:22:39 CEST 2007

hi liste,
iam testing in the moment this script.
so far it work. i create a user apt with uid 401 and a rc-role 401.
then the kernel must have enabled fakeroot because the apt-get and the dpkg 
need it to set it.
with this apt-user which has the ability to read and modify attributes i can 
do an upgrade without do an backup bevor, the script build a directory where 
all package wich will be upgraded store the attribute like a normal backup.
the most problem is to find proper value for the apt-user, one time not grant 
to much rights and other site it need enough to work.
i choose the uid 401 because for me is normal that the security user has 400, 
so i learn it too that he has 401.
the biggest disadvantige for is rsbac to more on desktop or server is the 
complicatet backup and usally change to softmode wich mean downtime for 
services. so it should be established an user and some scripts for the admin 
to easy use of rc on the system. in the moment it is not possible to exchange 
a script between some rsbac configuration because everybody is cooking his 
one. not bad nobody knows the structure from the rsbac on the system :)
but on other hands the location for apache are on all systems the same, so it 
should be possible to share the configuration.
i have to leave otherwise i wrote to much in to much bad english :)
jens kasten

More information about the rsbac mailing list