RBAC policy for normal system behaviour
Posted: Mon Jan 07, 2008 2:05 pm
Hello,
is it possible, without knowing about usernames and possible actions, to write an RBAC policy file that allows every user to perform exactly the same actions as on the same machine without RBAC?
I thought that the following short policy file would do the job:
role admin sA
subject / rvka
/ rwacdmlxi
role default G
role_transitions admin
subject /
/ rwacdmlxi
And it seems it does. But when I want to disable RBAC and type in my password, I get the error message "Invalid password." I am sure that I did not mistype my password for so many times.
Does my policy file do what I want? And why can I not disable RBAC after I have enabled it with that policy?
Regards
Christoph
is it possible, without knowing about usernames and possible actions, to write an RBAC policy file that allows every user to perform exactly the same actions as on the same machine without RBAC?
I thought that the following short policy file would do the job:
role admin sA
subject / rvka
/ rwacdmlxi
role default G
role_transitions admin
subject /
/ rwacdmlxi
And it seems it does. But when I want to disable RBAC and type in my password, I get the error message "Invalid password." I am sure that I did not mistype my password for so many times.
Does my policy file do what I want? And why can I not disable RBAC after I have enabled it with that policy?
Regards
Christoph