Further RC changes?


From: ao@morpork.shnet.org (A. Ott)
Subject: Further RC changes?
Date: 10 Nov 1999 11:52:00 +0100

Next Article (by Author): Re: 1.0.9a-pre2 nearly finished ao@morpork.shnet.org (A. Ott)
Previous Article (by Author): 1.0.9a-pre2 nearly finished ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


Hi all!

I am reflecting about a change in RC force_role behaviour. Please note,  
that a file's rc_force_role value is cached in the process attributes.

Currently, there are three cases for FILE attribute rc_force_role:

- 0-63 (a role number): Set this role for process on execute, keep it on  
change_owner.

- inherit_user: Set role to user's def_role on execute and change_owner  
(current default value). Makes working with different role a mess, but is  
most secure.

- inherit_process: Keep the old role on execute and change_owner. Makes  
working with different roles easy, but is insecure, because user might  
work with somebody else's role.

What I now believe to be the best solution is

- mixed_inherit: Keep the old role on execute, but use the new user's  
def_role on chown.

I would like to make mixed_inherit the new default value, but changing  
defaults means a careful check of all existing attribute settings.

Comments?

Amon.

--
## CrossPoint v3.11 ##
-
To unsubscribe from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Author): Re: 1.0.9a-pre2 nearly finished ao@morpork.shnet.org (A. Ott)
Previous Article (by Author): 1.0.9a-pre2 nearly finished ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.