headers
Jens Kasten | 20 May 2012 05:03
Picon

attr_set_user not work

Hi list,

I try to allow the security user to create home directories temporary.
But when I do this:

     attr_set_user security min_cap DAC_OVERRIDE
attr_set_user: Invalid Attribute min_cap!
--

-- 
Mit freundlichen Grüßen

Jens Kasten

http://www.kasten-edv.de
_______________________________________________
rsbac mailing list
rsbac <at> rsbac.org
http://www.rsbac.org/mailman/listinfo/rsbac
Permalink | Reply |
headers
Jens Kasten | 20 May 2012 05:31
Picon

Re: attr_set_user not work

Its was my mistake.

must call min_caps!

I want use an user for update. So I set up this:

cat create_update_user_gentoo.sh
# for using emerge
attr_set_file_dir FILE /usr/lib64/portage/bin/emerge fake_root_uid 3

# allow security user to create home directory
attr_set_user security min_caps DAC_OVERRIDE

# create group and user updater
rsbac_groupadd -g 410 updater
rsbac_useradd -m -d /home/updater -g 410 -u 410 updater

# disabled it again
attr_set_user security min_caps

# set min caps for user updater
attr_set_user updater min_caps CHOWN DAC_OVERRIDE DAC_READ_SEARCH 
FOWNER FSETID MKNOD NET_BIND_SERVICE

# solve this acl request
# request GET_STATUS_DATA, pid 10699, ppid 10696, prog_name sort, 
prog_file /bin/sort, uid 410, remote ip 192.168.1.5, target_type SCD, 
tid priority, attr none, value none, result NOT_GRANTED by ACL
acl_grant USER 410 GET_STATUS_DATA SCD priority
(Continue reading)

Permalink | Reply |

Gmane