Re: acl and more


From: Amon Ott <ao@rsbac.org>
Subject: Re: acl and more
Date: Thu, 9 Aug 2001 10:39:47 +0200

Next Article (by Date): Re: acl and more "renaud"
Previous Article (by Date): acl and more Arkady A Drovosekov
Top of Thread: acl and more Arkady A Drovosekov
Next in Thread: Re: acl and more "renaud"
Articles sorted by: [Date] [Author] [Subject]


On Mit, 08 Aug 2001 Arkady A Drovosekov wrote:
> is there a way to perform acl/rc/ff operations from ordinary user? Operations
> will touch only user's data.
> I've tried from user1:
> 
> acl_grant -v USER user2 A FILE ww.sh
> Add rights: 000000000000000111100000011011111011111111110110100
> for USER 1275
> Processing FILE 'ww.sh'
> ww.sh: error: Operation not permitted
> 
> user1 doesn't have any additional (like RC provided) rights

The docs will tell you:
Do do ACL access control, you need right access_control. To grant supervisor
right, you need supervisor.

E.g.:
As secoff (with right supervisor):
acl_grant -v USER user1 ACCESS_CONTROL FILE ww.sh

Then as user1
acl_grant -v USER user2 A FILE ww.sh FILE ww.sh


File flags may be set by users with system role security_officer. RC roles and
rights may be administrated through a complex scheme or by roles with
admin_type role_admin.

Amon.
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Re: acl and more "renaud"
Previous Article (by Date): acl and more Arkady A Drovosekov
Top of Thread: acl and more Arkady A Drovosekov
Next in Thread: Re: acl and more "renaud"
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.