Enabling RBAC from Non-Root User

Post by skylearner » Wed Jun 29, 2011 3:16 am

Hi

I have logged into my system with non-root user credentials. I have also checked the RBAC status with "gradm -S". It says:
Code:
[user1@osndev6 dev]$ gradm -S
The RBAC system is currently disabled.


Now I have given "gradm -E" to enable RBAC. I am getting the following error.

Code:
[user1@osndev6 dev]$ gradm -E
Error changing directory to /etc/grsec
Error: Permission denied

I need to log into root to enable or disable RBAC. But my requirement is to be able to enable and disable RBAC from any user (root or non-root). Please do let me know what I need to do to resolve this.

Thanks
Skylearner

PS: I have added "G" in the role mode for this user
skylearner
 
Posts: 6
Joined: Wed Jun 01, 2011 2:51 am

Re: Enabling RBAC from Non-Root User

Post by spender » Wed Jun 29, 2011 8:02 pm

The RBAC system cannot be enabled by a non-root user. To allow such a thing would be a security risk (you could deny other users access to their own files, and prevent root from stopping you).

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Location: VA, USA

Re: Enabling RBAC from Non-Root User

Post by skylearner » Mon Jul 04, 2011 2:56 am

Thank you, Mr. Spender
skylearner
 
Posts: 6
Joined: Wed Jun 01, 2011 2:51 am

