From: <john@mwk.co.nz>
Subject: Unix secuity and RSBAC ACL's
Date: Wed, 14 Mar 2001 11:10:52 +1300
Next Article (by Date): Re: Unix secuity and RSBAC ACL's Amon Ott
Previous Article (by Date): Re: Oopses or hangs at system start revisited
Next in Thread: Re: Unix secuity and RSBAC ACL's Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]
As I understand it, unix perms are tested first, then RSBAC perms. Thhe result is the most restrictive set of permissions. Thus to use ACL's for a file server you must put 777 on the directories then apply RSBAC ACL's. The problem is that some programs, sendmail, procmail and likely many others, will test for security problems on directories. They cant know about RSBAC and decide that world and group writeable directories are a security failure. Procmail wont execute your procmailrc in your home directory in this case. Sendmail complains also. Is there any way of changing this so that where RSBAC ACLs and unix perms are applied, the RSBAC ACL's override the unix perms? Regards John - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Date): Re: Unix secuity and RSBAC ACL's Amon Ott
Previous Article (by Date): Re: Oopses or hangs at system start revisited
Next in Thread: Re: Unix secuity and RSBAC ACL's Amon Ott
Articles sorted by: [Date]
[Author]
[Subject]