Re: praise and install issues of rsbac


From: ao@morpork.shnet.org (A. Ott)
Subject: Re: praise and install issues of rsbac
Date: 30 Jan 2000 16:50:00 +0100

Next Article (by Date): Finally "Paul D. Robertson"
Previous Article (by Date): Re: praise and install issues of rsbac tech-guy
Top of Thread: praise and install issues of rsbac tech-guy
Articles sorted by: [Date] [Author] [Subject]


********* ***************** ********** ****  *****   ***** ************
  To subject Re: praise and install issues of rsbac
  Tech-Guy@excite.com (tech-guy)  wrote:
********** ******************** ******  ********  ******* *************

> - when you create the security officer, dataprotect officer and tp managers,
> must you put them in /home/<username>? when I created these accounts, i've
> created their accounts off of "/"

It doesn't matter, where - these are just examples. If you are using the  
sample RC home protection script, those dirs won't be protected from root,  
though - the script assumes all home dirs to be below /home.

> - is there a webpage where i can view past submittal and replies to the
> rsbac list?

Sorry, no. But you can use majordomo to get the current list archive sent  
by mail, see your rsbac list welcome message. The list is on an offline  
box with regular mail polling.

> - should i create the 'everyone' group with gid0?  i noticed that creating
> another gid0 conflicted w/ the group named "root" which has gid0 already

Don't mix up Linux and ACL groups, they are completely different things.  
The ACL group everyone (0) is always there and can not be changed. Just  
use rsbac_acl_group_menu to setup and view your ACL groups.

All RSBAC models completely ignore Linux groups, user names, file and dir  
modes (Linux permissions).

> - if i boot into a virgin kernel (w/o rsbac components), delete all security
> accounts (secoff, dp officer, tp manager), delete all 'rsbac' folders,
> create new uid400 and uid401, recompile the kernel w/ very minimal rsbac
> components like ff,ms,auth,rc and acl- remake the admintools, then reboot-
> will this mess things up?  or will i need to be lockedup in a looneybin
> first?  all i want to do is start fresh again if possible....

You don't need to delete the user accounts. All RSBAC stuff is only saved  
in the /rsbac folders on each partition. If you delete those and make  
install in the tools dir, you have a fresh new system.

Amon.

--
Please remove second ao for E-Mail reply - no spam please!
## CrossPoint v3.11 ##
-
To unsubscribe from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Finally "Paul D. Robertson"
Previous Article (by Date): Re: praise and install issues of rsbac tech-guy
Top of Thread: praise and install issues of rsbac tech-guy
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.