Re: root access to block disk devices


From: steve <steve@clublinux.org>
Subject: Re: root access to block disk devices
Date: Mon, 16 Jul 2001 17:41:37 -0500

Next Article (by Date): Re: root access to block disk devices Arkady A Drovosekov
Previous Article (by Date): Re: root access to block disk devices steve
Top of Thread: root access to block disk devices steve
Next in Thread: Re: root access to block disk devices Arkady A Drovosekov
Articles sorted by: [Date] [Author] [Subject]


> another variant:
> create RC Type disk_dev
> assign it to /dev/...
> create RC Role disk_adm with access rights to disk_dev
> assign role disk_adm to necessary programs (e2fsck, mount, umount, etc.)
> 
> all this described (too shortly) in RSBAC-DOC.html

I did something similar in order to allow access to the tty devices.  I
removed all access to all devices from everyone except secoff (using
ACLs) and then tried to create an RC type console-tty device to allow
people to login.  Unfortunately, I jumped in without looking and it
turned out to be a bigger chore than I thought.  For instance, the init
process tried to access device /dev/ram3.  Any idea why that might be?  

Anyway, I think I'm going to have to start out blocking access to
specific devices rather than blocking access to all devices and giving
it back where needed.  I need to do a lot more research and testing to
get the latter to work.

Does anyone have a list of devices (besides disks and kmem/mem) that you
recommend removing access to?

Thanks for the suggestions,
Steve




> --
> Best regards,
> Arkady
> -
> To unsubscribe from the rsbac list, send a mail to
> majordomo@rsbac.org with
> unsubscribe rsbac
> as single line in the body.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Re: root access to block disk devices Arkady A Drovosekov
Previous Article (by Date): Re: root access to block disk devices steve
Top of Thread: root access to block disk devices steve
Next in Thread: Re: root access to block disk devices Arkady A Drovosekov
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.