[rsbac] auth set
Amon Ott
ao at rsbac.org
Mon Jan 22 09:08:55 CET 2007
On Sonntag 21 Januar 2007 21:33, Jens Kasten wrote:
> i have the follow logging
> /* Sun Sep 17 06:05:12 2006 :<6>0202899220|rsbac_adf_request():
request
> CHANGE_DAC_FS_OWNER, pid 16017, ppid 1,
> prog_name master, prog_file /usr/lib/postfix/master,
> uid 0, remote ip 192.168.1.5, target_type PROCESS,
> tid 16017, attr owner, value 103, result NOT_GRANTED (Softmode) by
AUTH */
>
> but when i set like this,
> auth_set_cap -f PROCESS add /usr/lib/postfix/master 103
> i get this,
> Error: RSBAC_EINVALIDTARGET
You set the cap at the program file, not the process:
auth_set_cap FILE /usr/lib/postfix/master 103
After restarting postfix, master runs with the correct set. BTW, many
postfix helper programs need this cap, so in RSBAC 1.3 you could also
auth_set_cap DIR /usr/lib/postfix 103
to get the cap set inherited to all programs in that dir.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list