Several questions

From: steve <steve@clublinux.org>
Subject: Several questions
Date: Fri, 13 Jul 2001 20:37:39 -0500

Next Article (by Subject): Re: Several questions steve
Previous Article (by Subject): RE: security policy and xml Jorgen_Sigvardsson
Next in Thread: Re: Several questions steve
Articles sorted by: [Date] [Author] [Subject] 

Hi,
	First off, my compliments to the programers for doing a great job. The
menu interface for RSBAC is an awsome feature.  

I've installed the latest pre version 1.1.2pre7 (pre6 patch, pre5
admin-tools) on RH7.1 upgraded to a 2.4.6 kernel.  It's running on a
Dell 2450 server with hardware raid (Ultra-160 Perc I believe).  I
mention this because I've discovered that autofs causes the system to
panic and I thought it might be related to my hardware setup.  I saw
mention of mount problems on the list, and I wasn't sure if this might
be related to that or not. Please let me know if there is any more
information I can provide that might be helpful in tracking this down.

I've implemented AUTH, MAC ( with smart inherit), ACL, RC, and FF in the
kernel, and I had a few questions about the operation of the security
policies.

First, in order to allow anyone other than root or secoff to login, I
had to "allow anyone to execute /bin/login as MAC trusted" in addition
to "AUTH may setuid".  I was following the "RSBAC for Beginners"
document, and it didn't mention having to do that.  Is that the proper
thing to do in order to allow users to login?  If so, can you explain to
me this "allow anyone to execute as MAC trusted user" option?  If I had
to enable it on /bin/login, I would expect that I would have to enable
it on other binaries (cat, ls, etc.) in order for normal users to use
them, but I don't.  What am I missing?

I was following the MAC example in the above metioned document and my
experience was a little different.  I found that when I changed the MAC
security level on a file, the effect was immediate.  However, when I
change a users' security level, I had to logout and log back in as the
affected user before it would take effect.  Is this how MAC should work?

Lastly, on the rsbac_menu program, I've noticed that there a display
problem on the ACL menu.  The left side of the display won't show up
until you cursor down, and then cursor back up.   

Thank in advance everyone,
Steve
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Subject): Re: Several questions steve
Previous Article (by Subject): RE: security policy and xml Jorgen_Sigvardsson
Next in Thread: Re: Several questions steve
Articles sorted by: [Date] [Author] [Subject]

Go to Compuniverse LWGate Home Page.