[rsbac] New to RSBAC

Louis Bateman lbateman07 at gmail.com
Sun Feb 14 09:40:56 CET 2010

Hi, Thanks for your replies!

On Fri, Feb 12, 2010 at 2:50 AM, Amon Ott <ao at rsbac.org> wrote:

> roletest has to explicitely change active role, e.g. with
> rc_role_wrap number-of-role-roletest2 bash -l

OK thanks. So this means programs must have RSBAC support or a user or a
script...are there any drawbacks to this not being automatic, or is it a
security advantage?

> Each model is independent, if possible.
> RC  with ACL is special: here ACL is considered as an extension for special
> cases, but I have never needed that in real life.

I'm not sure what you mean here? It is my understanding that RC needs the
ACL module...the way the RC model is useful is by assigning permissions for
roles to types...and this is only with the RC + ACL model?

Or is that functionality intrinsic to the RC model and just has the same
permissions avalable as the ACL model, and the ACL model is quite separate?

> We could add ACLs to MAC settings, too, but noone has ever asked for that.
> It
> could even be treated as an extension. Still, it would require some work
> for
> development and much work for testing.
> Amon.
> --
> http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac


More information about the rsbac mailing list