Unix security and RSBAC ACLs


From: <john@mwk.co.nz>
Subject: Unix security and RSBAC ACLs
Date: Wed, 14 Mar 2001 11:10:52 +1300



As I understand it, unix perms are tested first, then RSBAC perms. The
result is the most restrictive set of permissions.

Thus to use ACLs for a file server you must put 777 on the directories then
apply RSBAC ACLs.

The problem is that some programs, sendmail, procmail and likely many
others, will test for security problems on directories.
They can't know about RSBAC and decide that world and group writeable
directories are a security failure.

Procmail won't execute your procmailrc in your home directory in this case.
Sendmail complains also.

Is there any way of changing this so that where RSBAC ACLs and unix perms
are applied, the RSBAC ACLs override the unix perms?

Regards

John
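
Added example, not part of the original post and not taken from procmail or sendmail source: a Python version of the kind of mode-bit check the message describes, run against a constructed home directory. It shows that such a check sees only what `stat()` returns, so a 777 or 775 directory is flagged whatever RSBAC ACL sits on top of it. The names `loose_dirs` and `demo` are hypothetical, and the exact rules real programs apply are assumed to differ in detail.

```python
import os
import shutil
import stat
import tempfile

# Write permission for anyone other than the owner, as seen in the mode bits.
WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def loose_dirs(target, stop_at):
    """Walk from target's parent directory up to stop_at (inclusive) and
    return (path, mode string) for each directory whose Unix mode grants
    group or world write. RSBAC ACLs are invisible to stat(), so they
    cannot influence this result."""
    stop_at = os.path.realpath(stop_at)
    current = os.path.dirname(os.path.realpath(target))
    flagged = []
    while True:
        mode = os.stat(current).st_mode
        if mode & WRITABLE_BY_OTHERS:
            flagged.append((current, stat.filemode(mode)))
        parent = os.path.dirname(current)
        if current == stop_at or parent == current:
            break
        current = parent
    return flagged


def demo(dir_mode):
    """Build a constructed home directory with dir_mode and check the path
    to a sample .procmailrc inside it. Returns the flagged mode strings."""
    root = tempfile.mkdtemp()            # created 0700, so only 'home' varies
    try:
        home = os.path.join(root, "home")
        os.mkdir(home)
        os.chmod(home, dir_mode)         # chmod is not affected by the umask
        rc = os.path.join(home, ".procmailrc")
        with open(rc, "w") as fh:
            fh.write("# constructed sample file\n")
        return [mode for _, mode in loose_dirs(rc, root)]
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for mode in (0o777, 0o775, 0o755):
        print(oct(mode), demo(mode) or "passes the mode-only check")
```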

