ACL: read perm -> hidden; no perm -> viewable

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

ACL: read perm -> hidden; no perm -> viewable

Postby meyerm » Wed Sep 25, 2002 5:42 am

Hi out there,

I'm still a small newbie when it comes to grsecurtiy, but I'm doing my best to learn. :-)

I just created an ACL for my sshd. /home is a link to /var/home (there are reasons for this ;-) ), which is mounted rw, / is mounted ro. Inside the ACL I have
"/home "
"/home/lxadmin/.ssh/authorized_keys r"
"/ h"
(I don't yet know if wildcards like "/home/*/.ssh/authorized_keys" are possible/advisable)

When I now try to login, grsec always says, sshd tried to access the hidden(!) file 08:01:246 (=/home). But when I remove the "r" behind the key-file, it claims that sshd tried to access this file for reading (complete file name).

Even when I put
"/home rwx"
"/home/lxadmin/.ssh/authorized_keys rwx"
"/var rwx"
"/var/home rwx"
"/var/home/lxadmin/.ssh/authorized_keys rwx"
"/ h"
into the ACL, it doesn't change anything (still trying the hidden file inode 246=/home). The only possibility to login passwordless I've found so far is changing the "h" of "/" to "r" (setting it to <nothing> didn't work either).

Ahh, what stupid mistake have I done? I'm using 1.9.7 with gradm 1.5.

Thank you,
Marcel

PS: I sent this message also to the mailinglist. I'm quite confused which is the "official" way. :-) Shall I send to the ml or prefer the forum?
meyerm
 
Posts: 15
Joined: Mon Sep 23, 2002 11:06 am

Return to grsecurity support