Re: acl and more


From: "renaud" <rir@teamlog.fr>
Subject: Re: acl and more
Date: Thu, 9 Aug 2001 11:54:33 +0200

Next Article (by Date): Re: acl and more Amon Ott
Previous Article (by Date): Re: acl and more Amon Ott
Top of Thread: acl and more Arkady A Drovosekov
Next in Thread: Re: acl and more Amon Ott
Articles sorted by: [Date] [Author] [Subject]


Hello Mr Ott and thanks for your masterpiece of software.

I am a beginner with rsbac and I have a question about roles  : i did
compile with rc,auth, acl and i did all the attr commands mentionned in the
docs.

As I try to make a simple 777 directory (/test/acltest) and managing the ACL
for this directory I changed the default mask to permit everything except
CHDIR end CREATE.

To verify my work I try to chdir and mkdir  to this dir with basic user,
root, and secoff  . I'm rejected with root and basic user but I can chdir
and mkdir with secoff .

I can't figure out why secoff has all those rights, and even with the rc
role admin menu I didn't manage to change this.  Can you help me please ??

Thanks by advance, Bye !

Renaud (an alone trainee on RSBAC).







----- Original Message -----
From: "Amon Ott" <ao@rsbac.org>
To: "RSBAC List" <rsbac@compuniverse.de>
Sent: Thursday, August 09, 2001 10:39 AM
Subject: Re: acl and more


> On Mit, 08 Aug 2001 Arkady A Drovosekov wrote:
> > is there a way to perform acl/rc/ff operations from ordinary user?
Operations
> > will touch only user's data.
> > I've tried from user1:
> >
> > acl_grant -v USER user2 A FILE ww.sh
> > Add rights: 000000000000000111100000011011111011111111110110100
> > for USER 1275
> > Processing FILE 'ww.sh'
> > ww.sh: error: Operation not permitted
> >
> > user1 doesn't have any additional (like RC provided) rights
>
> The docs will tell you:
> Do do ACL access control, you need right access_control. To grant
supervisor
> right, you need supervisor.
>
> E.g.:
> As secoff (with right supervisor):
> acl_grant -v USER user1 ACCESS_CONTROL FILE ww.sh
>
> Then as user1
> acl_grant -v USER user2 A FILE ww.sh FILE ww.sh
>
>
> File flags may be set by users with system role security_officer. RC roles
and
> rights may be administrated through a complex scheme or by roles with
> admin_type role_admin.
>
> Amon.
> -
> To unsubscribe from the rsbac list, send a mail to
> majordomo@rsbac.org with
> unsubscribe rsbac
> as single line in the body.

-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Re: acl and more Amon Ott
Previous Article (by Date): Re: acl and more Amon Ott
Top of Thread: acl and more Arkady A Drovosekov
Next in Thread: Re: acl and more Amon Ott
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.