[rsbac] Type Comp Group -> READ
Sven Seeland
sven.seeland at gmx.de
Thu Mar 1 23:02:39 CET 2007
Hello everyone!
I'm new to this list, RSBAC and Linux security overall and wanted to take this
opportunity to say hello and introduce myself, since you'll most likely be
hearing a lot from me in the future (mainly newbie questions).
I'm currently setting up a home server as a hobby project of mine and - you
guessed it - I'm using RSBAC to secure it. I've found it to be the best
available solution for my purposes except for one thing: documentation. Which is
why I'm on this list.
And here comes my first question...
I'm currently running into quite a few programs that are trying to READ a target
of the type "group", like so:
<6>0034764112|rsbac_adf_request(): request READ, pid 2010, ppid 2009, prog_name
id, prog_file /bin/id, uid 0, audit uid 400, remote ip 192.168.11.3, target_type
GROUP, tid 65534, attr none, value none, result NOT_GRANTED (Softmode) by RC
Well. I know what the group target is (kinda) - it's a Linux user group. But
what happens when you "read" it? Is it generally safe to grant this right? Or is
it unnecessary since the programs will operate without it just as well?
I know how to grant the right and make the conflicts go away, the question is
whether I should and how restrictive I should be about it.
I've searched all over the place but couldn't find anything so far.
Any pointers or advice would be greatly appreciated.
Greetings,
Sven
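
One way to triage soft-mode denials like the one quoted above before deciding which rights to grant, as an added example that is not part of the original post: it groups NOT_GRANTED lines by program, request, target type, target id and deciding module. The field layout is inferred from the single log line in the post, the function names are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Field layout inferred from the one log line quoted in the post (assumption:
# other RSBAC versions or target types may format fields differently).
LINE_RE = re.compile(
    r"rsbac_adf_request\(\): request (?P<request>\S+), pid (?P<pid>\d+), "
    r"ppid (?P<ppid>\d+), prog_name (?P<prog_name>\S+), "
    r"prog_file (?P<prog_file>\S+), uid (?P<uid>\d+), "
    r"(?:audit uid (?P<audit_uid>\d+), )?(?:remote ip (?P<remote_ip>\S+), )?"
    r"target_type (?P<target_type>\S+), tid (?P<tid>.+?), "
    r"attr (?P<attr>\S+), value (?P<value>\S+), "
    r"result (?P<result>\S+)(?: \((?P<mode>\w+)\))? by (?P<modules>.+)$"
)

def parse_line(line):
    """Return the fields of one ADF request line as a dict, or None."""
    # Collapse whitespace first so lines wrapped by mail or a pager still match.
    m = LINE_RE.search(" ".join(line.split()))
    return m.groupdict() if m else None

def summarize_denials(lines):
    """Count NOT_GRANTED decisions per (prog_file, request, target_type, tid, module)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["result"] == "NOT_GRANTED":
            key = (rec["prog_file"], rec["request"], rec["target_type"],
                   rec["tid"], rec["modules"])
            counts[key] += 1
    return counts

SAMPLE = [
    # The line from the post, wrapped as it appeared in the mail.
    "<6>0034764112|rsbac_adf_request(): request READ, pid 2010, ppid 2009, prog_name\n"
    "id, prog_file /bin/id, uid 0, audit uid 400, remote ip 192.168.11.3, target_type\n"
    "GROUP, tid 65534, attr none, value none, result NOT_GRANTED (Softmode) by RC",
    # Constructed lines below (not from the post), same layout; the last RSBAC
    # line drops the remote ip field to exercise the optional group.
    "<6>0034764390|rsbac_adf_request(): request READ, pid 2044, ppid 2009, prog_name id, "
    "prog_file /bin/id, uid 0, audit uid 400, remote ip 192.168.11.3, target_type GROUP, "
    "tid 65534, attr none, value none, result NOT_GRANTED (Softmode) by RC",
    "<6>0034765001|rsbac_adf_request(): request READ, pid 2051, ppid 2009, prog_name ls, "
    "prog_file /bin/ls, uid 0, audit uid 400, target_type GROUP, "
    "tid 65534, attr none, value none, result NOT_GRANTED (Softmode) by RC",
    "<6>usb 1-1: new full speed USB device using uhci_hcd",  # unrelated kernel noise
]

if __name__ == "__main__":
    for key, n in summarize_denials(SAMPLE).most_common():
        print(n, *key)
```

Sorting the summary by count shows which program and target combinations account for most of the soft-mode noise, so each one can be reviewed once rather than per log line.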