grsecurity forums


https://forums.grsecurity.net./

ksysquard / ksysquardd

https://forums.grsecurity.net./viewtopic.php?f=3&t=1308

Page 1 of 1

ksysquard / ksysquardd

PostPosted: Tue Oct 04, 2005 10:31 am
by Raf256
Hi,
now with grsecurity the ksysquard (and ksysquardd) can not show in example number of packages / rate of sockets.

How to enable it, for this application, while it is beeing run by users in group like can_see_inet? Or by user John, and so on... or in general how to solve this?

What exacly should I do (Im newbie)

PostPosted: Wed Oct 05, 2005 6:18 pm
by spender
Create a group with the gid of the one you specified in the kernel config that can view all processes and network statistics, and add that group as a supplementary group to every user you want to be able to perform such actions.

-Brad

PostPosted: Thu Oct 06, 2005 3:17 am
by Raf256
Thanks Spender, can I do it also more restrictive, so that only certain process will have ability to access this information (in addition to beeing runned by user in specyfic group)?

Also, can I allow some process to have thoes right, or dont have them dispite they beeing run by this user (that belongs to group defined while configuring kernel).

Like /usr/bin/iptraf - always have this right, no matter with user runs it,
and /usr/bin/somegame - never have this right
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/