[rsbac] About this part of Jens Documentation

Jens Kasten jens at kasten-edv.de
Sun Feb 15 20:57:43 CET 2015


Am Sun, 15 Feb 2015 18:41:39 +0100
schrieb Javier Juan Martínez Cabezón <tazok at rsbac.org>:

Hi Javier,

You have to enable in kernel config fake root in section RSBAC.

You can use rsbac_menu /path/to/bin and choose fake root uid or
attr_set_file_dir FILE /path/to/bin fake_root_uid [0-3]

Yes set it to emerge but fake_root_uid is not for expand permisson for
an user its just make possible to fool programs if they do a check
like is user_id == 0. 

The permission is set for example: 
attr_set_user updater min_caps CHOWN DAC_OVERRIDE DAC_READ_SEARCH
FOWNER FSETID MKNOD NET_BIND_SERVICE


Depend on setup maybe have to change some roles too.

Grüße

Jens

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> 
> 
> 
> Hi Jens, it's related with this part of your docs.
> 
> Did you need to set fakeroot in some place?
> How did you do it?
> That is, did you set fakeroot to emerge binary or how did you deal
> with owner permissions of new packages installed?
> 
> http://www.rsbac.org/wiki/experiences/igraltist/admins#add_updater_user
> 
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> iQIcBAEBAgAGBQJU4NpRAAoJEFfmTgt/w77fG30P/1/hf0FyC5oWp0Gc3JT9UptE
> V1cwJqaKP874MpNA/iUWCuKqL6taYPT0gz9u5+xBIPZ0fEnsT7I0+p59b1jZQSA1
> c3SBWAC++ube5eAauM2Ho7CImvyR6ve0v1O0TZmaOC9X21m8KsCBlAGYXH/9Cwsz
> zvnLzBscTSVEzyvIv4b+m/FiJHdjx51DzCNbrB+CzcS6U99n0ICJnUi3gZMBtJCV
> xuN2bvfBwmzYbb2qfqiKCigwHLsXWsDq+QACCntOSM9VPmm0GAy7CnR0eK6bAo4M
> NLGDrQRwhce9v3EkFsgv1mrfP6F4j48NCvGFrhU7yiBAw+7JHNKJ0Jj61Q3QgC6L
> tDXdBnxvYaPN8k2SFLx/2XYd81IiyKTOjwnlhH6IDLLeXH2j+SFeTEW5VQVWDAPc
> HqNCw3UJlrxqHhvpJPt6MOmQXIRCe8tABA73PhZezuR1UYquSUZGvBMF0oRUwQUr
> 4/jjhl24Q9UGL73znmAlzVc/RUdel8kv/8wui19pYwW3phds1qTuPGimucObU5Ty
> p/ySpbjSCsT1wE2G3FcAdNgozGwPnWry6uKikoeizx5gxhYwwEY6leKBN3CTNF5s
> tJLAF+0ae1swTAv8DNz2FlxqDXiWKdt9aG/EGJ0b1cv1ka0GmztlaTv4l9YotEZT
> wwYegpeKcSabD3mqfSN6
> =WnsQ
> -----END PGP SIGNATURE-----
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac



More information about the rsbac mailing list