Re: 1.2.0-pre2 - first tests

From: Amon Ott <ao@rsbac.org>
Subject: Re: 1.2.0-pre2 - first tests
Date: Mon, 29 Oct 2001 12:35:25 +0100

Next Article (by Date): Re: 1.2.0-pre2 - first tests Stanislav Ievlev
Previous Article (by Date): Bruno Engelmann
Top of Thread: 1.2.0-pre2 - first tests Stanislav Ievlev
Next in Thread: Re: 1.2.0-pre2 - first tests Stanislav Ievlev
Articles sorted by: [Date] [Author] [Subject] 

On Monday 29 October 2001 11:01, Stanislav Ievlev wrote:
> I've just seen latest RSBAC. It's very interesting, but I have some
> questions:
>
> 1. Could you change usage messages for all utilites.
>    We have are a new "module name" parameter for the utils now. If I
> want to change some parameter, I don't know which module name I will
> have to use for it. It's         will be good to see both parameters and
> modules in usage screen ;)

Planned anyway. Tip: leaving it out will almost always do for now, though 
that might disappear later...

> 2. Symlink redirection is very interesting, but it will be better to
> resolve names like "<symlink>/<uid>" and not "<symlink><uid>". It's not
> a good idea to have one             thousand directories (/tmp0,/tmp1
> ... /tmp500,...) under root dir.

The uid is added to the contents of the symlink, not the symlink name itself.

Just make a link like suggested in kernel config help, and you end up in a 
dir with all subdirs:
cd / && mkdir /tmpdir/ && ln -s tmpdir/tmp tmp

> Symlink redirection is a "light"
> redirection, because I still can see all directories. What do you think
>         about "hard" redirection for directories like I made for
> RC-redirection  (in the Castle Beta3) ? ( RC-redirection is now ready
> for intergation, because we have a new             "redirection" flag in
> attributes).

I chose the symlink solution, because every user can always see where access 
will go to. However, you can simply restrict all rights to /tmpdir to SEARCH, 
and explicitly add rights for the subdir, if you do not want people to see 
all of them.

> 3. What do you think about "soft mode" for separate modules?

Interesting, but too much work for now - all administration decisions would 
have to be reworked. What would we really need it for?

Amon.
--
http://www.rsbac.org
-
To unsubscribe from the rsbac list, send a mail to
majordomo@rsbac.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Re: 1.2.0-pre2 - first tests Stanislav Ievlev
Previous Article (by Date): Bruno Engelmann
Top of Thread: 1.2.0-pre2 - first tests Stanislav Ievlev
Next in Thread: Re: 1.2.0-pre2 - first tests Stanislav Ievlev
Articles sorted by: [Date] [Author] [Subject]

Go to Compuniverse LWGate Home Page.