By default, RSBAC with the RC module uses these roles:
to run the system.
The permissions for these roles are predefined. All of these roles can be modified. This page shows only snippets and some ideas for using the RC module, not a complete working setup for a server or desktop.
For a daemon or any script there are always two roles specified.
For example, the Apache daemon (names can differ) reads its configuration files as the user with UID 0 (root) and then switches to UID 33 (www-data). This is a good example for using the RC module: we can use two RC roles, the first for reading the configuration files etc. and the second for serving the content.
``init`` never changes to a force role, so there is no reason to build one for it.
Save this as a shell script.
```
# init detached BOOT_ROLE 999999
TYPE=100
ROLE=100
FILE="/sbin/init"
NAME="Init"

# create role
rc_set_item ROLE ${ROLE} name "${NAME}"

# set rc_fd_types (one named type per target category, all with the same id)
rc_set_item TYPE ${TYPE} type_netdev_name "${NAME}_NETDEV"
rc_set_item TYPE ${TYPE} type_nettemp_name "${NAME}_NETTEMP"
rc_set_item TYPE ${TYPE} type_netobj_name "${NAME}_NETOBJ"
rc_set_item TYPE ${TYPE} type_user_name "${NAME}_User"
rc_set_item TYPE ${TYPE} type_group_name "${NAME}_Group"
rc_set_item TYPE ${TYPE} type_ipc_name "${NAME}_IPC"
rc_set_item TYPE ${TYPE} type_process_name "${NAME}_Process"
rc_set_item TYPE ${TYPE} type_fd_name "${NAME}_FD"

# objects created by this role get the role's own type by default
rc_set_item ROLE ${ROLE} def_user_create_type ${TYPE}
rc_set_item ROLE ${ROLE} def_process_create_type ${TYPE}
rc_set_item ROLE ${ROLE} def_process_chown_type ${TYPE}
rc_set_item ROLE ${ROLE} def_process_execute_type ${TYPE}
rc_set_item ROLE ${ROLE} def_ipc_create_type ${TYPE}
rc_set_item ROLE ${ROLE} def_group_create_type ${TYPE}
rc_set_item ROLE ${ROLE} def_fd_create_type ${TYPE}
rc_set_item ROLE ${ROLE} def_fd_ind_create_type ${TYPE} ${TYPE}
rc_set_item ROLE ${ROLE} def_unixsock_create_type ${TYPE}

# assign init role to file
attr_set_file_dir FILE "${FILE}" rc_initial_role ${ROLE}
```
This setup is now deprecated (25.02.2010).
It can be generated with:

```
rc_get_item -v -p htmlprint > rc_03.05.2009.html
```
A nice overview