grsecurity forums


https://forums.grsecurity.net./

ACL for /etc/rc.d/init.d/httpd or /usr/sbin/httpd

https://forums.grsecurity.net./viewtopic.php?f=3&t=271

Page 1 of 1

ACL for /etc/rc.d/init.d/httpd or /usr/sbin/httpd

PostPosted: Fri Jan 17, 2003 3:57 am
by hardigunawan
I'm not sure which ACL should I create. /etc/rc.d/init.d/httpd or /usr/sbin/httpd. I'm using redhat.

So far I've seen only ACL for /usr/sbin/httpd is being created. Is there any reason to do so?

Thanks :)

PostPosted: Fri Jan 17, 2003 8:46 am
by spender
well, since putting acls on scripts is ugly, and it allows root to start or stop services, what I do is put ACLs only on the stuff the init scripts start, and enable the ACL system after all the other init scripts are done.

-Brad

PostPosted: Fri Jan 17, 2003 9:40 am
by hardigunawan
I'm not sure I quite understand what you meant.

Do you mean, you are setting the ACL for, let's say Apache, by setting the ACL on /usr/sbin/httpd rather than /etc/rc.d/init.d/httpd? Then you enabled the ACL system after all the init scripts has been run?

But what about if I want to restart the services at will?

PostPosted: Fri Jan 17, 2003 9:57 am
by spender
Then you do it from within admin mode

-Brad
All times are UTC - 5 hours [ DST ]
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/