Re: AUTH module - denying CHANGE_OWNER request?


From: Jesse Pollard <pollard@cats-chateau.net>
Subject: Re: AUTH module - denying CHANGE_OWNER request?
Date: Mon, 3 Jul 2000 21:20:54 -0500

Next Article (by Subject): Re: AUTH module - denying CHANGE_OWNER request? 320081322443-0001@t-online.de (Amon Ott)
Previous Article (by Subject): AUTH module - denying CHANGE_OWNER request? pyromage@pyromage.net
Top of Thread: AUTH module - denying CHANGE_OWNER request? pyromage@pyromage.net
Next in Thread: Re: AUTH module - denying CHANGE_OWNER request? 320081322443-0001@t-online.de (Amon Ott)
Articles sorted by: [Date] [Author] [Subject]


On Mon, 03 Jul 2000, 320081322443-0001@t-online.de wrote:
>Hello 8-}
>
>RSBAC is a great patch, but I'm having trouble getting everything to work
>correctly. I have the auth module setup, and most of my daemons work fine once
>I add the needed capabilities, however some still some problems remain with
>some (like /bin/login). It is denied CHANGE_OWNER request (to root, i
>believe), even though I have explicitly given it that capability! The odd
>thing is that console logins work fine, but no remote logins are possible!
>
>Ideas?

I may be the wrong source for this but:

console logins inherit getty privileges, which inherits from init (getty
restarted by init).

telnet (I think this is what you are referring to) login inherits from telnetd
which inherits from inetd. This is a different chain, and doesn't go back to
init. inetd doesn't get restarted by init (inheritance chain broken there).

Since I don't have an active RSBAC system yet, I can't give a "do this"
solution.
-- 
-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@cats-chateau.net

Any opinions expressed are solely my own.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Subject): Re: AUTH module - denying CHANGE_OWNER request? 320081322443-0001@t-online.de (Amon Ott)
Previous Article (by Subject): AUTH module - denying CHANGE_OWNER request? pyromage@pyromage.net
Top of Thread: AUTH module - denying CHANGE_OWNER request? pyromage@pyromage.net
Next in Thread: Re: AUTH module - denying CHANGE_OWNER request? 320081322443-0001@t-online.de (Amon Ott)
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.