Virtual Users

A place to submit your RBAC policies and generate ideas for better ones

Moderators: spender, PaX Team

Virtual Users

Postby j0hn » Tue Jan 18, 2005 10:48 am

Hi, I am using glFTPd and I try to create some access restrictions.
But there is a problem: glFTPd has got its own passwd file,
and its own uids/gids.
On login it changes its uid/gid from user root to the virtual one from /glftpd/etc/passwd.
The conflict:
in /glftpd/etc/group: glSTAFF (gid: 100)
in my real /etc/group: users (gid: 100)

I built rules on role default for glFTPd, to match all users.
When I add a user in glFTPd to group glSTAFF, then it will get the role of group users (gid 100 real), not default role.

Could this be solved without being forced to make sure no uid/gid exists twice ? (I wouldn't like to do so)

Is it possible to force user role root to keep the current acl on chuid ?
For example if you are user root, and you do a su ..., then you should not get the role of user ..., instead you keep the acl from root.

Help would be very appreciated.
j0hn
 
Posts: 2
Joined: Tue Jan 18, 2005 10:16 am

Return to RBAC policy development