Problem with Samba - ignoring ACL


Post by Jacek » Wed May 11, 2005 5:58 pm

Hi, I've got a problem with Samba and ACLs. I wrote a statement for /usr/sbin/smbd like this:

subject /usr/sbin/smbd o {
Here I've got permissions to files, but it doesn't matter now.

When I try to use Samba (for example smbclient -L host_name), I get an error:

May 12 00:21:14 alfa kernel: grsec: From 213.155.x.x: (default:D:/) denied open of /etc/samba/private/secrets.tdb for reading writing by /usr/sbin/smbd[smbd:5071] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/smbd[smbd:18340] uid/euid:0/0 gid/egid:0/0

My main worry is that grsecurity seems to ignore my statement concerning /usr/sbin/smbd - it uses the default subject from the default role. Why? Is anyone able to help me? :-)
Thank you so much.

Post by rocky » Wed May 11, 2005 8:00 pm

Can you post your full policy file somewhere?

Post by Jacek » Fri May 13, 2005 3:43 pm

It turned out it was my fault. I made a stupid mistake. I had "include" statements in my "policy" file. One of the included files concerns chrooted bind (there is a named user role). I added this file in the middle of the other "include" statements. As a result, everything below it was matched up with the named user role.
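The include-order mistake described in the last post can be caught mechanically. The following is an added example, not part of the original posts and not gradm's own code: it expands `include <file>` statements in order, tracks the active role, and flags any subject that lands in a role declared by an earlier, already finished include. The file names, the sample rules and the simplified line-based parsing are assumptions made for illustration.

```python
import re

# Constructed sample policy (not the poster's real files): a user role for
# chrooted bind is included before the file that holds the smbd subject.
FILES = {
    "policy": "role default\nsubject / {\n\t/ r\n}\n"
              "include <named.acl>\ninclude <samba.acl>\n",
    "named.acl": "role named u\nsubject / {\n\t/var/named r\n}\n",
    "samba.acl": "subject /usr/sbin/smbd o {\n\t/etc/samba/private rw\n}\n",
}
# Same files with the role-declaring include moved to the end.
FIXED = dict(FILES, policy="role default\nsubject / {\n\t/ r\n}\n"
                           "include <samba.acl>\ninclude <named.acl>\n")

ROLE = re.compile(r"^role\s+(\S+)")
SUBJECT = re.compile(r"^subject\s+(\S+)")
INCLUDE = re.compile(r"^include\s+<([^>]+)>")

def resolve(files, entry):
    """Expand includes in order; return (role, subject, file, leaked) tuples."""
    out = []
    state = {"role": None, "role_file": None}

    def walk(name, stack):
        stack = stack + [name]          # chain of files currently being read
        for line in files[name].splitlines():
            line = line.strip()
            if m := INCLUDE.match(line):
                walk(m.group(1), stack)
            elif m := ROLE.match(line):
                state["role"], state["role_file"] = m.group(1), name
            elif m := SUBJECT.match(line):
                # The role leaked if it was declared in a file that is no
                # longer on the include chain of this subject.
                leaked = state["role_file"] not in stack
                out.append((state["role"], m.group(1), name, leaked))

    walk(entry, [])
    return out

def leaked_subjects(files, entry):
    """Subjects attached to a role inherited from an earlier include."""
    return [(r, s, f) for r, s, f, leaked in resolve(files, entry) if leaked]

if __name__ == "__main__":
    for role, subj, src in leaked_subjects(FILES, "policy"):
        print(f"{src}: subject {subj} falls under role '{role}'")
```

With the constructed files, the smbd subject is reported under the `named` role, which leaves the default role without an smbd subject and matches the `(default:D:/)` denial in the log above.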
