[rsbac] About this part of Jens Documentation
Jens Kasten
jens at kasten-edv.de
Sun Feb 15 20:57:43 CET 2015
Am Sun, 15 Feb 2015 18:41:39 +0100
schrieb Javier Juan Martínez Cabezón <tazok at rsbac.org>:
Hi Javier,
You have to enable in kernel config fake root in section RSBAC.
You can use rsbac_menu /path/to/bin and choose fake root uid or
attr_set_file_dir FILE /path/to/bin fake_root_uid [0-3]
Yes set it to emerge but fake_root_uid is not for expand permisson for
an user its just make possible to fool programs if they do a check
like is user_id == 0.
The permission is set for example:
attr_set_user updater min_caps CHOWN DAC_OVERRIDE DAC_READ_SEARCH
FOWNER FSETID MKNOD NET_BIND_SERVICE
Depend on setup maybe have to change some roles too.
Grüße
Jens
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
>
>
> Hi Jens, it's related with this part of your docs.
>
> Did you need to set fakeroot in some place?
> How did you do it?
> That is, did you set fakeroot to emerge binary or how did you deal
> with owner permissions of new packages installed?
>
> http://www.rsbac.org/wiki/experiences/igraltist/admins#add_updater_user
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBAgAGBQJU4NpRAAoJEFfmTgt/w77fG30P/1/hf0FyC5oWp0Gc3JT9UptE
> V1cwJqaKP874MpNA/iUWCuKqL6taYPT0gz9u5+xBIPZ0fEnsT7I0+p59b1jZQSA1
> c3SBWAC++ube5eAauM2Ho7CImvyR6ve0v1O0TZmaOC9X21m8KsCBlAGYXH/9Cwsz
> zvnLzBscTSVEzyvIv4b+m/FiJHdjx51DzCNbrB+CzcS6U99n0ICJnUi3gZMBtJCV
> xuN2bvfBwmzYbb2qfqiKCigwHLsXWsDq+QACCntOSM9VPmm0GAy7CnR0eK6bAo4M
> NLGDrQRwhce9v3EkFsgv1mrfP6F4j48NCvGFrhU7yiBAw+7JHNKJ0Jj61Q3QgC6L
> tDXdBnxvYaPN8k2SFLx/2XYd81IiyKTOjwnlhH6IDLLeXH2j+SFeTEW5VQVWDAPc
> HqNCw3UJlrxqHhvpJPt6MOmQXIRCe8tABA73PhZezuR1UYquSUZGvBMF0oRUwQUr
> 4/jjhl24Q9UGL73znmAlzVc/RUdel8kv/8wui19pYwW3phds1qTuPGimucObU5Ty
> p/ySpbjSCsT1wE2G3FcAdNgozGwPnWry6uKikoeizx5gxhYwwEY6leKBN3CTNF5s
> tJLAF+0ae1swTAv8DNz2FlxqDXiWKdt9aG/EGJ0b1cv1ka0GmztlaTv4l9YotEZT
> wwYegpeKcSabD3mqfSN6
> =WnsQ
> -----END PGP SIGNATURE-----
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac
More information about the rsbac
mailing list