[rsbac] some problems with acl and dev
Josh Beagley
rsbac@rsbac.org
Tue Nov 26 06:01:03 2002
> On Sunday, 24. November 2002 11:39, Josh Beagley wrote:
> > Using 1.2.1 with all latest bugfixes and 2.4.19 kernel.
> >
> > Problem: I am attemting to grant a normal user the ability to
> mount cdroms. > I attemtped to allow mount permission to /dev/hdc
> (my cdrom device) for > specified user, but as secoff I get an
> error saying: >
> > rsbac_acl_sys_add_to_acl_entry(): adding rights
> > 000000000000000000000000000000000000000000000000000 for USER
> 1000 to DEV > block 22:00 denied for user 400!
>
> What command did you use? It should look like
>
> acl_grant USER 1000 MOUNT UMOUNT DEV /dev/hdc
>
> What rights does user 400 have?
>
> acl_rights -p -u 400 DEV /dev/hdc
>
> > Is this perhaps the incorrect way of allowing a normal user to
> mount? (All > non-rsbac configuration is correct, eg fstab)
>
> The line of zeroes means that no rights were to be added. This is
> strange in the first place. Still, it should work, if 400 has
> sufficient rights.
>
> > As a side question, in order to get the kernel version to
> display rsbac, > where exactly in the kernel source should i do
> touch Makefile?
>
> Touch the main Makefile, after make menuconfig.
>
> Amon.
> --
> http://www.rsbac.org
> _______________________________________________
> rsbac mailing list
> rsbac@rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac
Oddly enough the command Amon provied wroks fine, and secoff obviously has
sufficent rights as i can now mount as normal user. It was only when using
the menu program that I encountered the error. SPose I should learn the
commands hey :)