[prev in list] [next in list] [prev in thread] [next in thread]
List: rsbac
Subject: Re: [rsbac] =?utf-8?q?attr=5Fset=5Fuser_not_work?=
From: Jens Kasten <jens () kasten-edv ! de>
Date: 2012-05-20 3:31:00
Message-ID: 204456e1b624a14ec8cb7686fe6b9a86 () kasten-edv ! de
[Download RAW message or body]
Its was my mistake.
must call min_caps!
I want use an user for update. So I set up this:
cat create_update_user_gentoo.sh
# for using emerge
attr_set_file_dir FILE /usr/lib64/portage/bin/emerge fake_root_uid 3
# allow security user to create home directory
attr_set_user security min_caps DAC_OVERRIDE
# create group and user updater
rsbac_groupadd -g 410 updater
rsbac_useradd -m -d /home/updater -g 410 -u 410 updater
# disabled it again
attr_set_user security min_caps
# set min caps for user updater
attr_set_user updater min_caps CHOWN DAC_OVERRIDE DAC_READ_SEARCH
FOWNER FSETID MKNOD NET_BIND_SERVICE
# solve this acl request
# request GET_STATUS_DATA, pid 10699, ppid 10696, prog_name sort,
prog_file /bin/sort, uid 410, remote ip 192.168.1.5, target_type SCD,
tid priority, attr none, value none, result NOT_GRANTED by ACL
acl_grant USER 410 GET_STATUS_DATA SCD priority
The home directory I will change and shell but later.
Later also its need some more access rights for rsbac attribute to read
and write.
Maybe I forget something?
I have not try all emerge stuff, but simple install packages does work
Am 2012-05-20 05:03, schrieb Jens Kasten:
> Hi list,
>
> I try to allow the security user to create home directories
> temporary.
> But when I do this:
>
> attr_set_user security min_cap DAC_OVERRIDE
> attr_set_user: Invalid Attribute min_cap!
--
Mit freundlichen Grüßen
Jens Kasten
http://www.kasten-edv.de
_______________________________________________
rsbac mailing list
rsbac@rsbac.org
http://www.rsbac.org/mailman/listinfo/rsbac
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic