From: ao@morpork.shnet.org (A. Ott)
Subject: Further RC changes?
Date: 10 Nov 1999 11:52:00 +0100
Next Article (by Author): Re: 1.0.9a-pre2 nearly finished ao@morpork.shnet.org (A. Ott)
Previous Article (by Author): 1.0.9a-pre2 nearly finished ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date]
[Author]
[Subject]
Hi all! I am reflecting about a change in RC force_role behaviour. Please note, that a file's rc_force_role value is cached in the process attributes. Currently, there are three cases for FILE attribute rc_force_role: - 0-63 (a role number): Set this role for process on execute, keep it on change_owner. - inherit_user: Set role to user's def_role on execute and change_owner (current default value). Makes working with different role a mess, but is most secure. - inherit_process: Keep the old role on execute and change_owner. Makes working with different roles easy, but is insecure, because user might work with somebody else's role. What I now believe to be the best solution is - mixed_inherit: Keep the old role on execute, but use the new user's def_role on chown. I would like to make mixed_inherit the new default value, but changing defaults means a careful check of all existing attribute settings. Comments? Amon. -- ## CrossPoint v3.11 ## - To unsubscribe from the rsbac list, send a mail to majordomo@morpork.shnet.org with unsubscribe rsbac as single line in the body.
Next Article (by Author): Re: 1.0.9a-pre2 nearly finished ao@morpork.shnet.org (A. Ott)
Previous Article (by Author): 1.0.9a-pre2 nearly finished ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date]
[Author]
[Subject]