Beginner probs: login as user


From: Dirk-Jan Faber <dirk-jan@flits102-126.flits.rug.nl>
Subject: Beginner probs: login as user
Date: Mon, 5 Mar 2001 14:40:27 +0100 (CET)



L.s.,

After some minor installation problems I was able to compile and install
an RSBAC kernel and all of the admin tools. First reboot worked fine with
the "rsbac_auth_enable_login" option and I created the two user accounts.

I gave setuid permissions on /bin/login. I think I also gave ACL rights
the correct way to user djfaber (UID 1000). Though reading the following
error message, I do believe that it has something to do with ACLs on
/bin/login:

  Mar  5 13:50:44 joffie kernel: rsbac_adf_request(): request EXECUTE,
  caller_pid 4907, caller_prog_name login, caller_uid 1000, target-type 
  NONE, tid NONE, attr prot_bits, value 7, result NOT_GRANTED by ACL

I put on some more debugging messages for EXECUTE calls from /bin/login
and got the following messages:

  Mar  5 13:53:04 joffie kernel: rsbac_adf_request(): request EXECUTE,
  caller_pid 3769, caller_prog_name rungetty, caller_uid 0, target-type 
  FILE, tid Device 3:1 Inode 64458 Path /bin/login, attr none, value 0, 
  result GRANTED by FF RC ACL 

This seems to tell me that rungetty is starting /bin/login. Though I
didn't give rungetty specific rights, this seems to work fine.

  Mar  5 13:53:04 joffie kernel: rsbac_adf_request(): request EXECUTE,
  caller_pid 3769, caller_prog_name login, caller_uid 0, target-type FILE, 
  tid Device 3:1 Inode 64458 Path /bin/login, attr prot_bits, value 5, 
  result GRANTED by FF RC ACL 

/bin/login wants to do an EXECUTE. Uid 0 is calling this and gets
granted to do it.

  Mar  5 13:53:04 joffie kernel: rsbac_adf_set_attr(): request EXECUTE,
  caller_pid 3769, target-type FILE, tid Device 3:1 Inode 64458 Path 
  /bin/login, new_target-type NONE, new_tid NONE, attr none, value 0, 
  error 0 

A find -inum tells me that inode 64458 is /bin/login and is indeed on
the first hda device. I think this line is telling me more, but I don't
know how to read it (yet).

  Mar  5 13:53:06 joffie kernel: rsbac_adf_request(): request EXECUTE,
  caller_pid 3769, caller_prog_name login, caller_uid 1000, target-type 
  NONE, tid NONE, attr prot_bits, value 7, result NOT_GRANTED by ACL 

And this line tells me that the request is not granted by ACL. It
looks a lot like the first line in my logs. 

Any thoughts on what to do to get the user djfaber to be able to log in?
(preferably a single command line; my first thoughts about the menu are
that it is kinda maze-like).

Regards,
  Dirk-Jan Faber
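
An added example, not part of the original message and not RSBAC's own tooling: a small Python parser for the wrapped rsbac_adf_* syslog records quoted above, which rejoins each record and lists the NOT_GRANTED decisions with the caller and the modules named after "by". The field names come from the quoted lines; the function names (unwrap, parse, denials) and the embedded sample are assumptions made for illustration.

```python
import re

# Constructed sample: two of the wrapped records quoted in the message above.
SAMPLE = """\
Mar  5 13:53:04 joffie kernel: rsbac_adf_request(): request EXECUTE,
caller_pid 3769, caller_prog_name rungetty, caller_uid 0, target-type
FILE, tid Device 3:1 Inode 64458 Path /bin/login, attr none, value 0,
result GRANTED by FF RC ACL
Mar  5 13:53:06 joffie kernel: rsbac_adf_request(): request EXECUTE,
caller_pid 3769, caller_prog_name login, caller_uid 1000, target-type
NONE, tid NONE, attr prot_bits, value 7, result NOT_GRANTED by ACL
"""

# A record starts with a syslog prefix followed by an rsbac_adf_* function name.
START = re.compile(
    r"^[A-Z][a-z]{2}\s+\d+ [\d:]{8} \S+ kernel: (rsbac_adf_\w+)\(\): ")

def unwrap(text):
    """Rejoin records that were wrapped across several lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse(record):
    """Split one record into a dict of 'key value' fields, or None."""
    m = START.match(record)
    if not m:
        return None
    fields = {"function": m.group(1)}
    for part in record[m.end():].split(", "):
        key, _, value = part.strip().partition(" ")
        fields[key] = value
    if " by " in fields.get("result", ""):
        verdict, _, modules = fields["result"].partition(" by ")
        fields["result"], fields["modules"] = verdict, modules.split()
    return fields

def denials(text):
    """Return the parsed records whose result is NOT_GRANTED."""
    parsed = (parse(r) for r in unwrap(text))
    return [f for f in parsed if f and f.get("result") == "NOT_GRANTED"]

if __name__ == "__main__":
    for d in denials(SAMPLE):
        print(d["request"], d["caller_prog_name"], "uid", d["caller_uid"],
              "target-type", d["target-type"], "denied by", d["modules"])
```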
