grsecurity forums


http://forums.grsecurity.net./

Problem on admin role

http://forums.grsecurity.net./viewtopic.php?f=5&t=1079

Page 1 of 1

Problem on admin role

PostPosted: Thu Jan 27, 2005 11:20 am
by Naril
Hi!

I have problem with permisions on admin special role.

I have such error message when I try to add group and I don`t understand it. :

(admin:S:/) denied link of /etc/group.6150 to /etc/group.lock by /usr/sbin/groupadd[groupadd:6150] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:13436] uid/euid:0/0 gid/egid:0/0

My admin role is set like in default config file /etc/grsec/policy so it looks:

role admin sA
subject / r
/ rwcdmxi

What I have to change in my configuration to make it works?


Thanks for any advice :D

PostPosted: Thu Jan 27, 2005 1:23 pm
by vs
Hi,

you have to add a "l" (lowercase "L") to your object flags. Use

/ rwcdmxi l

instead of

/ rwcdmxi

This is a new feature introduced in grsecurity-2.1.0 (look at the sample policy file which is included in the gradm tar ball).

-vs

PostPosted: Fri Jan 28, 2005 5:14 pm
by Naril
Thanks for your good advice :D It works now!
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/