wiki:experiences:igraltist:rc
Releases
Current version
Git/Latestdiff: 1.5.6
Latest Snapshots
Produced after each commit or rebase to new upstream version
GIT
RSBAC source code, can be unstable sometimes
Events
No events planned
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
wiki:experiences:igraltist:rc [2012/07/21 22:39] 127.0.0.1 (old revision restored) |
wiki:experiences:igraltist:rc [2012/07/28 11:52] 127.0.0.1 (old revision restored) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| [[wiki:experiences/igraltist#rc|Back to igraltist's experiences /RSBAC RC]] | [[wiki:experiences/igraltist#rc|Back to igraltist's experiences /RSBAC RC]] | ||
| + | |||
| + | |||
| ===== RC Module ====== | ===== RC Module ====== | ||
| - | == RC Testsetup == | ||
| - | Default RSBAC with RC module is used this roles: | + | == Short explanation == |
| + | |||
| + | Default RSBAC with RC module is using this roles: | ||
| *Gerneral_User 0 | *Gerneral_User 0 | ||
| *Role_Admin 1 | *Role_Admin 1 | ||
| Line 11: | Line 14: | ||
| to run the system. | to run the system. | ||
| + | The permission for this roles are predefined. All this roles can be modify. | ||
| + | This page show only snippets or some ideas of using the RC module not a whole working setup for a server or desktop. | ||
| - | The permission for this roles are hardcoded in RSBAC code itself. Otherwise the system wont work. | + | For a daemon or any script there are always two roles specified. |
| - | Bevor set any specific RC role for a service you can detach the default running ``Boot-Role``. | + | - an initial RC role |
| - | For this you can create a Role ``Init``. | + | - a force RC role. |
| - | == Short explanation == | + | For example the Apache daemon(names can differ) read configuration files as user with UID 0 (root user) and then switch to UID 33 (www-data). |
| - | On a binary are always two roles, an initial- and force-role.\\ | + | This is a good example for using the RC module. We can use two RC roles. The first RC role for reading the configuration files etc. and the the second RC role for serving the content. |
| - | The initial-role is used to start a service, for this its need permission to read the necessary configurationfiles.\\ | + | |
| - | The force-role is used to run this service, there is usally no reason for permission to read the configurationfiles as example. | + | |
| - | However, if a service not chown to other user, the process is running alway with the initial-role. | ||
| - | This is surly the case for the init process. | ||
| - | So thatswhy this setup firstly. | ||
| Line 45: | Line 45: | ||
| - | ===== Init ===== | ||
| == RC role for init process == | == RC role for init process == | ||
| - | The ``init`` never change to a force role, so therefor no reason to build such one. | + | The ``init`` never change to a RC force role so therefore no reason to build such one. |
| - | Save this as shell script. | + | Example: |
| <code> | <code> | ||
| # init detached BOOT_ROLE 999999 | # init detached BOOT_ROLE 999999 | ||
| Line 56: | Line 55: | ||
| ROLE=100 | ROLE=100 | ||
| FILE="/sbin/init" | FILE="/sbin/init" | ||
| - | NAME="Init" | + | NAME="INIT_F" # names convention, I use for all RC role upper letters and suffix _F (force role) and _I (initial role) |
| # create role | # create role | ||
wiki/experiences/igraltist/rc.txt · Last modified: 2012/07/28 12:20 by 127.0.0.1