2 questions


Post by superbock » Thu Apr 24, 2003 1:45 pm

Hi!

First:

Let's say I have this user (xpto) belonging to this group (users).
I also have a user role for xpto and a group role for users.
Is xpto affected by both roles or just the user role?

Second:

Considering this acl:

/usr/bin
/usr/bin/*

A 'ls' on /usr/bin shows lots of symlinks, which obviously don't work, but it shows the "physical" presence of real files. Can this be prevented?

Using 2.0pre3

Thanks in advance
superbock
 
Posts: 37
Joined: Sun Mar 31, 2002 6:34 pm

Post by spender » Thu Apr 24, 2003 4:52 pm

The role lookups first try to find a user role, then a group role, then use the default role. Thus, in your case, it's the user role that matters.

I'm not sure I understand your second question. Do you want to hide what's in /usr/bin?

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Post by superbock » Mon Apr 28, 2003 2:08 pm

I gave /usr/bin as an example.

I understand that symlinks show up if you give read permission for the real file, but I see symlinks that, as far as I can tell, have no relation to files I've given permission to be seen.
superbock
 
Posts: 37
Joined: Sun Mar 31, 2002 6:34 pm

Post by spender » Sun May 04, 2003 9:22 pm

There's a problem with globbing and symlinks. I'm working on fixing it right now.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Post by spender » Sun May 04, 2003 9:50 pm

It's fixed in current CVS. The bug in gradm wasn't present in 1.9.9*. It was a stat/lstat typo.
Thanks for pointing it out.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
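
An added illustration, not part of the thread and not gradm's source: the stat/lstat distinction mentioned in the post above, applied to glob matches. stat() follows a symlink and describes its target, while lstat() describes the link itself; the temporary directory, file names and helper functions are constructed for this example.

```c
#define _XOPEN_SOURCE 700 /* expose mkdtemp, lstat, symlink */
#include <glob.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Count glob matches that the chosen call reports as symlinks.
 * use_lstat=1 inspects the entry itself; 0 follows it to the target. */
static int count_symlinks(const char *pattern, int use_lstat)
{
    glob_t g;
    struct stat st;
    int n = 0;

    if (glob(pattern, 0, NULL, &g) != 0)
        return -1;
    for (size_t i = 0; i < g.gl_pathc; i++) {
        int rc = use_lstat ? lstat(g.gl_pathv[i], &st)
                           : stat(g.gl_pathv[i], &st);
        if (rc == 0 && S_ISLNK(st.st_mode))
            n++;
    }
    globfree(&g);
    return n;
}

/* Constructed sandbox: one regular file plus one symlink to it. */
static int demo(int use_lstat)
{
    char dir[] = "/tmp/globdemoXXXXXX";
    char real[64], alias[64], pattern[64];
    FILE *f;
    int n;

    if (!mkdtemp(dir)) return -1;
    snprintf(real, sizeof real, "%s/real", dir);
    snprintf(alias, sizeof alias, "%s/alias", dir);
    snprintf(pattern, sizeof pattern, "%s/*", dir);
    if (!(f = fopen(real, "w"))) return -1;
    fclose(f);
    if (symlink(real, alias) != 0) return -1;
    n = count_symlinks(pattern, use_lstat);
    unlink(alias); unlink(real); rmdir(dir);
    return n;
}

int main(void)
{
    printf("stat: %d symlinks, lstat: %d symlinks\n", demo(0), demo(1));
    return 0;
}
```

Code that classifies expanded glob entries with the wrong call treats a link as if it were its target, or the reverse, so a rule meant for one ends up applied to the other.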

Post by superbock » Wed May 07, 2003 10:08 am

Great!

And it is I who thanks :)
superbock
 
Posts: 37
Joined: Sun Mar 31, 2002 6:34 pm

