Restricting based on uid

Submit your RBAC policies or suggest policy improvements

Restricting based on uid

Postby ether » Wed Jan 08, 2003 7:55 pm

Is it possible to restrict access to certain files based on the uid of the user attempting to access them? For example, I would like to hide /sbin/gradm from normal users, but not root.

By the way, I am a brand new user of grsecurity and would like to personally thank the authors for an extremely useful tool. I was spending painstaking hours trying to get LIDS to work on a system that seemed to reject it no matter what.

It's great to have found a better alternative to LIDS where people actually develop the code more than once a year!

Thank you!
-Michael
ether
 
Posts: 14
Joined: Wed Jan 08, 2003 7:52 pm

Postby spender » Thu Jan 09, 2003 9:46 am

I'm working on implementing roles this week. My new parser is all done, and now I just have to add the userspace and kernel code to handle the roles. When that is done, you'll be able to give a whole different set of ACLs to a uid or gid (and eventually there will also be support for "special" roles)

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm


Return to RBAC policy development