Inheritance question


Post by Kyoshiro » Wed Jan 12, 2005 7:12 am

I see in the default policy that the admin role has full access to the system. The access control for / is rwcdxmil. The policy provided by gradm2 says sshd should be restarted in the admin role, and thus denies access to sshd and its init script in the default role.

Given these two pieces of information, and since there is inheritance in the admin role, I'd like to know whether sshd will run in the admin role or in the default role when I restart it from the admin role. Maybe I need to log out to make sshd switch to the default role?

Post by spender » Wed Jan 12, 2005 8:38 pm

That's correct; anything run by the admin in the admin role gains the admin role until the admin does gradm -u or exits his shell.

-Brad

Post by Kyoshiro » Thu Jan 13, 2005 4:03 am

Okay, that's great!