From: steve <steve@clublinux.org>
Subject: Re: root access to block disk devices
Date: Mon, 16 Jul 2001 17:41:37 -0500
Next Article (by Author): 1.1.2pre8 compile error steve
Previous Article (by Author): Re: root access to block disk devices steve
Top of Thread: root access to block disk devices steve
Next in Thread: Re: root access to block disk devices Arkady A Drovosekov
Articles sorted by: [Date]
[Author]
[Subject]
> another variant: > create RC Type disk_dev > assign it to /dev/... > create RC Role disk_adm with access rights to disk_dev > assign role disk_adm to necessary programs (e2fsck, mount, umount, etc.) > > all this described (too shortly) in RSBAC-DOC.html I did something similar in order to allow access to the tty devices. I removed all access to all devices from everyone except secoff (using ACLs) and then tried to create an RC type console-tty device to allow people to login. Unfortunately, I jumped in without looking and it turned out to be a bigger chore than I thought. For instance, the init process tried to access device /dev/ram3. Any idea why that might be? Anyway, I think I'm going to have to start out blocking access to specific devices rather than blocking access to all devices and giving it back where needed. I need to do a lot more research and testing to get the latter to work. Does anyone have a list of devices (besides disks and kmem/mem) that you recommend removing access to? Thanks for the suggestions, Steve > -- > Best regards, > Arkady > - > To unsubscribe from the rsbac list, send a mail to > majordomo@rsbac.org with > unsubscribe rsbac > as single line in the body. - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Author): 1.1.2pre8 compile error steve
Previous Article (by Author): Re: root access to block disk devices steve
Top of Thread: root access to block disk devices steve
Next in Thread: Re: root access to block disk devices Arkady A Drovosekov
Articles sorted by: [Date]
[Author]
[Subject]