[rsbac] Apache under RSBAC

Arkady A Drovosekov drawa at suct.uu.ru
Fri Apr 9 05:10:59 CEST 2004

On Thu, Apr 08, 2004 at 03:45:34PM -0400, Rob See wrote:
> 	To get used to the way RSBAC works, I'm trying to get apache to run 
> 	as another user id without starting it as root(using roles and 
> capabilities) I've been mostly successful so far, but I've run into a 
> small problem. Apache (under Gentoo) creates its pid file in /var/run 
> (var/run/apache2.pid) Is there any way to set an ACL for a file that 
> doesn't exist yet. Otherwise, the only way I can see to do this is to 
> allow access to the entire directory, or move the pid file to another 
> directory (both of which I want to avoid if at all possible)

attr_set_file_dir DIR "$var" linux_dac_disable 1
acl_grant -r -s -u $init_user RW FD "$var"
Best regards,

More information about the rsbac mailing list