From: Dirk-Jan Faber <dirk-jan@flits102-126.flits.rug.nl>
Subject: Beginner probs: login as user
Date: Mon, 5 Mar 2001 14:40:27 +0100 (CET)
Next Article (by Date): Re: Beginner probs: login as user Amon Ott
Previous Article (by Date): Re: Request for Reference Documents :) Amon Ott
Next in Thread: Re: Beginner probs: login as user Amon Ott
L.s.,

After some minor installation problems I was able to compile and install an RSBAC kernel and all of the admin tools. First reboot worked fine with the "rsbac_auth_enable_login" option and I created the two user accounts. I gave setuid permissions on /bin/login. I think I also gave ACL rights the correct way to user djfaber (UID 1000). Though reading the following error message, I do believe that it has something to do with ACLs on /bin/login:

Mar 5 13:50:44 joffie kernel: rsbac_adf_request(): request EXECUTE, caller_pid 4907, caller_prog_name login, caller_uid 1000, target-type NONE, tid NONE, attr prot_bits, value 7, result NOT_GRANTED by ACL

I put on some more debugging messages for EXECUTE calls from /bin/login and got the following messages:

Mar 5 13:53:04 joffie kernel: rsbac_adf_request(): request EXECUTE, caller_pid 3769, caller_prog_name rungetty, caller_uid 0, target-type FILE, tid Device 3:1 Inode 64458 Path /bin/login, attr none, value 0, result GRANTED by FF RC ACL

This seems to tell me that rungetty is starting /bin/login. Though I didn't give rungetty specific rights, this seems to work fine.

Mar 5 13:53:04 joffie kernel: rsbac_adf_request(): request EXECUTE, caller_pid 3769, caller_prog_name login, caller_uid 0, target-type FILE, tid Device 3:1 Inode 64458 Path /bin/login, attr prot_bits, value 5, result GRANTED by FF RC ACL

/bin/login wants to do an EXECUTE. Uid 0 is calling this and gets granted to do it.

Mar 5 13:53:04 joffie kernel: rsbac_adf_set_attr(): request EXECUTE, caller_pid 3769, target-type FILE, tid Device 3:1 Inode 64458 Path /bin/login, new_target-type NONE, new_tid NONE, attr none, value 0, error 0

A find -inum tells me that inode 64458 is /bin/login and is indeed on the first hda device. I think this line is telling me more, but I don't know how to read it (yet).
Mar 5 13:53:06 joffie kernel: rsbac_adf_request(): request EXECUTE, caller_pid 3769, caller_prog_name login, caller_uid 1000, target-type NONE, tid NONE, attr prot_bits, value 7, result NOT_GRANTED by ACL

And this line tells me that the request is not granted by ACL. It looks a lot like the first line in my logs.

Any thoughts on what to do to get the user djfaber to be able to log in? (preferably a single command line; my first thoughts about the menu are that it is kinda maze-like).

Regards,
Dirk-Jan Faber

-
To unsubscribe from the rsbac list, send a mail to majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.
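
Added example, not part of the original post and not RSBAC project code: a small Python parser for the rsbac_adf_request() lines quoted above that pairs each NOT_GRANTED decision with the previous request logged for the same caller_pid. The field layout is assumed from the log lines in this message only, and the function names are hypothetical.

```python
import re

# Log lines copied from the message above.
SAMPLE = """\
Mar 5 13:53:04 joffie kernel: rsbac_adf_request(): request EXECUTE, caller_pid 3769, caller_prog_name rungetty, caller_uid 0, target-type FILE, tid Device 3:1 Inode 64458 Path /bin/login, attr none, value 0, result GRANTED by FF RC ACL
Mar 5 13:53:04 joffie kernel: rsbac_adf_request(): request EXECUTE, caller_pid 3769, caller_prog_name login, caller_uid 0, target-type FILE, tid Device 3:1 Inode 64458 Path /bin/login, attr prot_bits, value 5, result GRANTED by FF RC ACL
Mar 5 13:53:04 joffie kernel: rsbac_adf_set_attr(): request EXECUTE, caller_pid 3769, target-type FILE, tid Device 3:1 Inode 64458 Path /bin/login, new_target-type NONE, new_tid NONE, attr none, value 0, error 0
Mar 5 13:53:06 joffie kernel: rsbac_adf_request(): request EXECUTE, caller_pid 3769, caller_prog_name login, caller_uid 1000, target-type NONE, tid NONE, attr prot_bits, value 7, result NOT_GRANTED by ACL
"""

# Field order assumed from the rsbac_adf_request() lines in this message.
LINE_RE = re.compile(
    r"rsbac_adf_request\(\): request (?P<request>\w+), "
    r"caller_pid (?P<pid>\d+), caller_prog_name (?P<prog>[^,]+), "
    r"caller_uid (?P<uid>\d+), target-type (?P<ttype>\w+), "
    r"tid (?P<tid>.+?), attr (?P<attr>\w+), value (?P<value>\d+), "
    r"result (?P<result>\w+) by (?P<modules>[A-Z ]+)$"
)

def parse_line(line):
    """Return a dict of fields for one rsbac_adf_request() line, else None."""
    m = LINE_RE.search(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    for key in ("pid", "uid", "value"):
        ev[key] = int(ev[key])
    ev["modules"] = ev["modules"].split()  # decision modules named after "by"
    return ev

def denials_with_context(text):
    """Pair each NOT_GRANTED event with the previous event of the same pid."""
    last_by_pid, out = {}, []
    for line in text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue  # other message types, e.g. rsbac_adf_set_attr()
        if ev["result"] == "NOT_GRANTED":
            out.append((ev, last_by_pid.get(ev["pid"])))
        last_by_pid[ev["pid"]] = ev
    return out

if __name__ == "__main__":
    for denied, prev in denials_with_context(SAMPLE):
        print("DENIED by %s: %s pid=%d uid=%d target=%s/%s %s=%d" % (
            ",".join(denied["modules"]), denied["request"], denied["pid"],
            denied["uid"], denied["ttype"], denied["tid"],
            denied["attr"], denied["value"]))
        if prev:
            print("  previous for this pid: uid=%d target=%s result=%s" % (
                prev["uid"], prev["tid"], prev["result"]))
```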