Re: Several questions


From: steve <steve@clublinux.org>
Subject: Re: Several questions
Date: Sat, 14 Jul 2001 12:16:58 -0500

Next Article (by Author): root access to block disk devices steve
Previous Article (by Author): Several questions steve
Top of Thread: Several questions steve
Next in Thread: Re: Several questions Amon Ott
Articles sorted by: [Date] [Author] [Subject]


Never mind about the MAC questions.  I think I'll stick to ACLS, AUTH,
RC, and FF for now.  MAC will take a lot more time to learn than all of
the others combined me thinks ;-)


Steve

steve wrote:
> 
> Hi,
>         First off, my compliments to the programers for doing a great job. The
> menu interface for RSBAC is an awsome feature.
> 
> I've installed the latest pre version 1.1.2pre7 (pre6 patch, pre5
> admin-tools) on RH7.1 upgraded to a 2.4.6 kernel.  It's running on a
> Dell 2450 server with hardware raid (Ultra-160 Perc I believe).  I
> mention this because I've discovered that autofs causes the system to
> panic and I thought it might be related to my hardware setup.  I saw
> mention of mount problems on the list, and I wasn't sure if this might
> be related to that or not. Please let me know if there is any more
> information I can provide that might be helpful in tracking this down.
> 
> I've implemented AUTH, MAC ( with smart inherit), ACL, RC, and FF in the
> kernel, and I had a few questions about the operation of the security
> policies.
> 
> First, in order to allow anyone other than root or secoff to login, I
> had to "allow anyone to execute /bin/login as MAC trusted" in addition
> to "AUTH may setuid".  I was following the "RSBAC for Beginners"
> document, and it didn't mention having to do that.  Is that the proper
> thing to do in order to allow users to login?  If so, can you explain to
> me this "allow anyone to execute as MAC trusted user" option?  If I had
> to enable it on /bin/login, I would expect that I would have to enable
> it on other binaries (cat, ls, etc.) in order for normal users to use
> them, but I don't.  What am I missing?
> 
> I was following the MAC example in the above metioned document and my
> experience was a little different.  I found that when I changed the MAC
> security level on a file, the effect was immediate.  However, when I
> change a users' security level, I had to logout and log back in as the
> affected user before it would take effect.  Is this how MAC should work?
> 
> Lastly, on the rsbac_menu program, I've noticed that there a display
> problem on the ACL menu.  The left side of the display won't show up
> until you cursor down, and then cursor back up.
> 
> Thank in advance everyone,
> Steve
> -
> To unsubscribe from the rsbac list, send a mail to
> majordomo@rsbac.org with
> unsubscribe rsbac
> as single line in the body.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Author): root access to block disk devices steve
Previous Article (by Author): Several questions steve
Top of Thread: Several questions steve
Next in Thread: Re: Several questions Amon Ott
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.