From: Amon Ott <ao@rsbac.org>
Subject: Re: Roles question
Date: Tue, 31 Jul 2001 10:19:03 +0200
Next Article (by Subject): Re: Roles question steve
Previous Article (by Subject): Re: Roles question steve
Top of Thread: Roles question steve
Next in Thread: Re: Roles question steve
Articles sorted by: [Date]
[Author]
[Subject]
On Mon, 30 Jul 2001 steve wrote: > My apologies... It was my log cofiguration not showing DEBUG level info. > > Here is the complete message that is logged: > > Jul 30 07:43:29 localhost kernel: check_comp_rc(): rc_role is 3, rc_type > is 0, request is SEARCH -> NOT_GRANTED! > Jul 30 07:43:29 localhost kernel: rsbac_adf_request(): request SEARCH, > caller_pid 10826, caller_prog_name qmail-qstat, caller_uid 0, > target-type > DIR, tid Device 8:10 Inode 2 Path /, attr none, value 0, result > NOT_GRANTED > by RC OK. So your qmail-qstat runs with role 3. You will have to give SEARCH for type 0 to this role, what is harmless enough, to allow it to go down the dir tree with absolute paths. No dir reading by the role would be allowed, because that would require READ right. Amon. - To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with unsubscribe rsbac as single line in the body.
Next Article (by Subject): Re: Roles question steve
Previous Article (by Subject): Re: Roles question steve
Top of Thread: Roles question steve
Next in Thread: Re: Roles question steve
Articles sorted by: [Date]
[Author]
[Subject]