Re: root access to block disk devices


From: Arkady A Drovosekov <drawa@suct.uu.ru>
Subject: Re: root access to block disk devices
Date: Mon, 16 Jul 2001 09:03:56 +0600

Next Article (by Date): You can add value to your existing site by adding an auction! matthew steed
Previous Article (by Date): Re: root access to block disk devices steve
Top of Thread: root access to block disk devices steve
Next in Thread: Re: root access to block disk devices Amon Ott
Articles sorted by: [Date] [Author] [Subject]


On Sun, Jul 15, 2001 at 08:53:24PM -0500, steve wrote:
> Hello?  Is anyone listening? :-)
;-)
	
> I figured out how to prevent root from accessing your disks through the
> devices.   What was holding me up is that I was removing the rights from
> the device for root, but root was still getting access from Group 0
> (everyone).  Once I removed rights from that group, root could no longer
> access the information on disk using the devices (e.g. /dev/sda,
> /dev/sda1, etc.)
> 
> Maybe this is old news, but I couldn't find reference to it in the
> archives.
another variant:
create RC Type disk_dev
assign it to /dev/...
create RC Role disk_adm with access rights to disk_dev
assign role disk_adm to necessary programs (e2fsck, mount, umount, etc.)

all this described (too shortly) in RSBAC-DOC.html
-- 
Best regards,
Arkady
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): You can add value to your existing site by adding an auction! matthew steed
Previous Article (by Date): Re: root access to block disk devices steve
Top of Thread: root access to block disk devices steve
Next in Thread: Re: root access to block disk devices Amon Ott
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.