
Test Login

Login

To test whether it works, log in and type:

rc_get_current_role

It should show the role assigned to the user.

Next, test whether the correct file permissions are set when a file is created in the user's home directory.

touch create_test
ls -la create_test

This should show you the correct file permissions for the logged-in user.

Test visiting other users' home directories

Visit

Log in as the root user.

rc_get_current_role 
rc_get_current_role: current role is 2

Test the ``rc_fd_type`` on a user's home directory as the root user:

ls /home/jens
Sun May 10 17:21:10 2009 :<7>0000001387|check_comp_rc(): pid 7966 (ls), owner 0, rc_role 2, DIR rc_type 1000, request   GET_STATUS_DATA -> NOT_GRANTED!
Sun May 10 17:21:10 2009 :<6>0000001388|rsbac_adf_request(): request GET_STATUS_DATA, pid 7966, ppid 1216, prog_name ls, prog_file /bin/ls, uid 0, remote ip 192.168.1.5, target_type DIR, tid Device 254:01 Inode 178471 Path /home/jens, attr none, value none, result NOT_GRANTED by RC

You can see that RC role 2 has no rights on the rc_type_fd 1000, which was created before.

The next test is:

cat /proc/rsbac-info/rmsg

A ``tail -f /security/log/security-log`` as the security user shows:

Sun May 10 17:26:23 2009 :<7>0000001389|check_comp_rc_scd(): pid 7967 (cat), owner 0, rc_role 2, scd_type 9, request GET_STATUS_DATA -> NOT_GRANTED!
Sun May 10 17:26:23 2009 :<6>0000001390|rsbac_adf_request(): request GET_STATUS_DATA, pid 7967, ppid 1216, prog_name cat, prog_file /bin/cat, uid 0, remote ip 192.168.1.5, target_type SCD, tid rsbac_log, attr none, value none, result NOT_GRANTED by FF RC AUTH ACL
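
Added example (not part of the original page and not RSBAC code): a small Python parser for the log lines shown above. It pairs each ``rsbac_adf_request()`` denial with the preceding ``check_comp_rc*()`` line for the same pid, so the role, the type and the refusing modules appear together. The line layout is an assumption inferred only from the four lines on this page, and the function name ``denials`` is made up for this example.

```python
import re

# The four log lines shown on this page, embedded as sample input.
SAMPLE = """\
Sun May 10 17:21:10 2009 :<7>0000001387|check_comp_rc(): pid 7966 (ls), owner 0, rc_role 2, DIR rc_type 1000, request   GET_STATUS_DATA -> NOT_GRANTED!
Sun May 10 17:21:10 2009 :<6>0000001388|rsbac_adf_request(): request GET_STATUS_DATA, pid 7966, ppid 1216, prog_name ls, prog_file /bin/ls, uid 0, remote ip 192.168.1.5, target_type DIR, tid Device 254:01 Inode 178471 Path /home/jens, attr none, value none, result NOT_GRANTED by RC
Sun May 10 17:26:23 2009 :<7>0000001389|check_comp_rc_scd(): pid 7967 (cat), owner 0, rc_role 2, scd_type 9, request GET_STATUS_DATA -> NOT_GRANTED!
Sun May 10 17:26:23 2009 :<6>0000001390|rsbac_adf_request(): request GET_STATUS_DATA, pid 7967, ppid 1216, prog_name cat, prog_file /bin/cat, uid 0, remote ip 192.168.1.5, target_type SCD, tid rsbac_log, attr none, value none, result NOT_GRANTED by FF RC AUTH ACL
"""

# Assumed layout (from those lines only): "<time> :<level><seq>|<function>(): <body>"
LINE = re.compile(r"^(?P<ts>.+?) :<\d>(?P<seq>\d+)\|(?P<func>\w+)\(\): (?P<body>.*)$")
# RC debug line: names the role and the FD or SCD type that was checked.
RC_CHECK = re.compile(r"pid (?P<pid>\d+) .*?rc_role (?P<role>\d+), "
                      r"(?:\w+ rc_type|scd_type) (?P<type>\d+)")
# Final ADF decision line: names the target and the modules that refused.
ADF = re.compile(r"request (?P<request>\w+), pid (?P<pid>\d+), .*?prog_file (?P<prog>[^,]+), "
                 r"uid (?P<uid>\d+), .*?target_type (?P<ttype>\w+), tid (?P<tid>.+?), attr "
                 r".*?result (?P<result>\w+) by (?P<modules>.+)$")

def denials(log_text):
    """Return one dict per NOT_GRANTED decision, joined with the RC check for the same pid."""
    rc_by_pid, out = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a line in the assumed layout
        if m["func"].startswith("check_comp_rc"):
            rc = RC_CHECK.search(m["body"])
            if rc:
                rc_by_pid[rc["pid"]] = (int(rc["role"]), int(rc["type"]))
        elif m["func"] == "rsbac_adf_request":
            adf = ADF.search(m["body"])
            if adf and adf["result"] == "NOT_GRANTED":
                role, typ = rc_by_pid.pop(adf["pid"], (None, None))
                out.append({"time": m["ts"], "seq": int(m["seq"]), "uid": int(adf["uid"]),
                            "prog": adf["prog"], "request": adf["request"],
                            "target_type": adf["ttype"], "target": adf["tid"],
                            "rc_role": role, "rc_type": typ,
                            "modules": adf["modules"].split()})
    return out

if __name__ == "__main__":
    for d in denials(SAMPLE):
        print(d["time"], d["prog"], d["request"], d["target"],
              "role", d["rc_role"], "type", d["rc_type"], "denied by", d["modules"])
```

For the two tests on this page it reports role 2 against type 1000 on ``/home/jens`` (refused by RC) and role 2 against SCD type 9 on ``rsbac_log`` (refused by FF, RC, AUTH and ACL).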