wiki:experiences:igraltist:acl-su
=>  Releases

Current version
Git/Latestdiff: 1.5.6

Latest Snapshots
Produced after each commit or rebase to new upstream version

GIT
RSBAC source code, can be unstable sometimes

=>  Events

No events planned

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision Both sides next revision
wiki:experiences:igraltist:acl-su [2012/07/21 21:58]
127.0.0.1 (old revision restored)
wiki:experiences:igraltist:acl-su [2012/07/21 21:58]
127.0.0.1 (old revision restored)
Line 44: Line 44:
  
  
-===== 12. Example to prevent an user to use dmesg ===== 
-Create a acl group to assing to file /​bin/​dmesg. ​ 
-<code bash> 
-acl_group add_group P Dmesg 2 
-</​code>​ 
  
-Add the acl group to the file. 
-<code bash> 
-acl_grant GROUP  2 A FILE /bin/dmesg 
-</​code>​ 
  
-Remove all default entries from the target file. 
-<code bash> 
-acl_mask -s 0 FILE  /bin/dmesg 
-</​code>​ 
- 
-Try the setup. 
-<code bash> 
-dmesg 
--bash: /bin/dmesg: Operation not permitted 
-</​code>​ 
- 
-Visit the rsbac logfile. 
-<code bash> 
-Fri Jul  1 06:09:32 2011 :<​6>​0000000416|rsbac_adf_request():​ request GET_STATUS_DATA,​ pid 15922, ppid 15921, prog_name bash, prog_file /bin/bash, uid 1000, remote ip 192.168.1.5,​ target_type FILE, tid Device 253:14 Inode 72435 Path /bin/dmesg, attr none, value none, result NOT_GRANTED by ACL 
-Fri Jul  1 06:09:34 2011 :<​6>​0000000417|rsbac_adf_request():​ request EXECUTE, pid 10231, ppid 15922, prog_name bash, prog_file /bin/bash, uid 1000, remote ip 192.168.1.5,​ target_type FILE, tid Device 253:14 Inode 72435 Path /bin/dmesg, attr none, value none, result NOT_GRANTED by ACL 
-</​code>​ 
  
 ===== Conclusion ===== ===== Conclusion =====
//
wiki/experiences/igraltist/acl-su.txt · Last modified: 2012/07/21 21:58 by 127.0.0.1

wiki/experiences/igraltist/acl-su.txt · Last modified: 2012/07/21 21:58 by 127.0.0.1
This website is kindly hosted by m-privacy