Problem on admin role

Submit your RBAC policies or suggest policy improvements

Problem on admin role

Postby Naril » Thu Jan 27, 2005 11:20 am

Hi!

I have problem with permisions on admin special role.

I have such error message when I try to add group and I don`t understand it. :

(admin:S:/) denied link of /etc/group.6150 to /etc/group.lock by /usr/sbin/groupadd[groupadd:6150] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:13436] uid/euid:0/0 gid/egid:0/0

My admin role is set like in default config file /etc/grsec/policy so it looks:

role admin sA
subject / r
/ rwcdmxi

What I have to change in my configuration to make it works?


Thanks for any advice :D
Naril
 
Posts: 4
Joined: Thu Jan 27, 2005 11:13 am

Postby vs » Thu Jan 27, 2005 1:23 pm

Hi,

you have to add a "l" (lowercase "L") to your object flags. Use

/ rwcdmxi l

instead of

/ rwcdmxi

This is a new feature introduced in grsecurity-2.1.0 (look at the sample policy file which is included in the gradm tar ball).

-vs
vs
 
Posts: 22
Joined: Sun Jan 09, 2005 11:11 am

Postby Naril » Fri Jan 28, 2005 5:14 pm

Thanks for your good advice :D It works now!
Naril
 
Posts: 4
Joined: Thu Jan 27, 2005 11:13 am


Return to RBAC policy development

cron