From: Stanislav Ievlev <inger@altlinux.ru>
Subject: softmode vs. PM and RSBAC backup.
Date: Wed, 13 Jun 2001 14:27:37 +0400
Next Article (by Author): Re: softmode vs. PM and RSBAC backup. Stanislav Ievlev
Previous Article (by Author): RSBAC BIG AUDIT Stanislav Ievlev
Next in Thread: Re: softmode vs. PM and RSBAC backup. Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]
This is a multi-part message in MIME format. --------------010108080302010909010704 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Hello! There are two little problems: 1. Backup in RSBAC: We must turn off all modules for backup procedure now. But it's is not secure. What about special role for backup (like in Windows NT). This role must be only for special backup program, no for real users. 2. Soft mode: I need more rights in soft_mode. RC working in "hard" mode under "soft" mode now. Most RC operations permitted only for role_admin. I apply patch for it. ---------------------- With best regards Stanislav Ievlev <inger@altlinux.ru> --------------010108080302010909010704 Content-Type: text/plain; name="rsbac-rcsoftmode.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="rsbac-rcsoftmode.patch" --- linux/rsbac/adf/rc/rc_main.c.orig Fri Apr 27 17:09:34 2001 +++ linux/rsbac/adf/rc/rc_main.c Wed Jun 13 12:40:53 2001 @@ -249,7 +249,13 @@ return -RSBAC_EREADFAILED; } /* allow, if t_role contained in admin_roles */ - if (i_rc_item_val1.admin_roles & ((rsbac_rc_role_vector_t) 1 << t_role) ) + if (i_rc_item_val1.admin_roles & ((rsbac_rc_role_vector_t) 1 << t_role) + #ifdef CONFIG_RSBAC_SOFTMODE + || ( rsbac_softmode + && (i_rc_item_val1.admin_type == RC_system_admin) + ) + #endif + ) return 0; else return -EPERM; @@ -455,6 +461,11 @@ || ( !modify && (i_rc_item_val1.admin_type == RC_system_admin) ) + #ifdef CONFIG_RSBAC_SOFTMODE + || ( rsbac_softmode + && (i_rc_item_val1.admin_type == RC_system_admin) + ) + #endif ) return 0; else --------------010108080302010909010704-- - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Author): Re: softmode vs. PM and RSBAC backup. Stanislav Ievlev
Previous Article (by Author): RSBAC BIG AUDIT Stanislav Ievlev
Next in Thread: Re: softmode vs. PM and RSBAC backup. Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]