This is an old revision of the document!
Back to igraltist's experiences/RSBAC ACL
Create an ACL group to assign to the file /bin/dmesg.
acl_group add_group P Dmesg 2
Add the ACL group to the file.
acl_grant GROUP 2 A FILE /bin/dmesg
Remove all default entries from the target file.
acl_mask -s 0 FILE /bin/dmesg
Try the setup.
dmesg
-bash: /bin/dmesg: Operation not permitted
Check the RSBAC log file.
Fri Jul 1 06:09:32 2011 :<6>0000000416|rsbac_adf_request(): request GET_STATUS_DATA, pid 15922, ppid 15921, prog_name bash, prog_file /bin/bash, uid 1000, remote ip 192.168.1.5, target_type FILE, tid Device 253:14 Inode 72435 Path /bin/dmesg, attr none, value none, result NOT_GRANTED by ACL
Fri Jul 1 06:09:34 2011 :<6>0000000417|rsbac_adf_request(): request EXECUTE, pid 10231, ppid 15922, prog_name bash, prog_file /bin/bash, uid 1000, remote ip 192.168.1.5, target_type FILE, tid Device 253:14 Inode 72435 Path /bin/dmesg, attr none, value none, result NOT_GRANTED by ACL
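An added example, not part of the original page or of RSBAC itself: a small Python parser for the rsbac_adf_request() lines shown above that counts denied requests per path, uid, request type and deciding module. It assumes the comma-separated field layout seen in the two log lines on this page; the names parse_line and denied_summary are hypothetical.

```python
import re
from collections import Counter

# Header layout assumed from the two log lines on this page:
# "<timestamp> :<level><sequence>|rsbac_adf_request(): <fields>"
LINE_RE = re.compile(
    r"^(?P<time>.+?) :<\d+>(?P<seq>\d+)\|rsbac_adf_request\(\): (?P<body>.+)$")
# Field names as they appear in those lines; some names or values contain spaces.
KEYS = ("request", "pid", "ppid", "prog_name", "prog_file", "uid",
        "remote ip", "target_type", "tid", "attr", "value", "result")

# The two log lines from this page.
SAMPLE = [
    "Fri Jul 1 06:09:32 2011 :<6>0000000416|rsbac_adf_request(): request GET_STATUS_DATA, pid 15922, ppid 15921, prog_name bash, prog_file /bin/bash, uid 1000, remote ip 192.168.1.5, target_type FILE, tid Device 253:14 Inode 72435 Path /bin/dmesg, attr none, value none, result NOT_GRANTED by ACL",
    "Fri Jul 1 06:09:34 2011 :<6>0000000417|rsbac_adf_request(): request EXECUTE, pid 10231, ppid 15922, prog_name bash, prog_file /bin/bash, uid 1000, remote ip 192.168.1.5, target_type FILE, tid Device 253:14 Inode 72435 Path /bin/dmesg, attr none, value none, result NOT_GRANTED by ACL",
]

def parse_line(line):
    """Return a dict of fields for one rsbac_adf_request() line, else None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = {"time": m.group("time"), "seq": int(m.group("seq"))}
    # Assumption: values never contain ", " (a path that did would be cut short).
    for part in m.group("body").split(", "):
        for key in KEYS:
            if part.startswith(key + " "):
                rec[key] = part[len(key) + 1:]
                break
    # "NOT_GRANTED by ACL" -> the decision and the module that made it
    rec["decision"], _, rec["module"] = rec.get("result", "").partition(" by ")
    path = re.search(r"Path (.+)$", rec.get("tid", ""))
    rec["path"] = path.group(1) if path else None
    return rec

def denied_summary(lines):
    """Count NOT_GRANTED decisions per (path, uid, request, module)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["decision"] == "NOT_GRANTED":
            key = (rec["path"], rec.get("uid"), rec.get("request"), rec["module"])
            counts[key] += 1
    return counts

if __name__ == "__main__":
    for (path, uid, request, module), n in denied_summary(SAMPLE).items():
        print(f"{n}x {request} on {path} by uid {uid}: denied by {module}")
```

Run over a longer log, the summary makes it easy to see which request types a new ACL setup still denies before adjusting the grants.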
The 'ACL' module offers a good possibility and is easy to use.
This example can easily be modified for use in other cases.