grsecurity forums

[zacek]

I have a question regarding the user ID change. I tried to manualy change the uid/gid of some user (/etc/passwd, /etc/group etc.) but GRsecurity RBAC does not accept this change and the user role (which is specified by the name of the user) is not reattached. Even if the changes were done with disabled RBAC. After the change the RBAC uses the default role instead of the corresponding userrole. Is it possible to make GRsecurity to reload the uid/gid table without system reboot?

I have kernel 2.6.19.2 + corresponding grsecurity patch, but I faced this problem several times in the past (older GR security patches) - when adding a new user with useradd and RBAC loaded.

Thanks in advance for help.

[zacek]

I found out that even after reboot the policy doesn't work. I did the following:

1.) disable RBAC
2.) change uid/gid of the user xxx
3.) reload RBAC

The user role of this user is not used any more and the default rules are used instead.

I have no nscd runnig. Everything else works fine. Just the grsecurity stops using the rules of the user role xxx and uses the default rules.

I have really no idea why. Is there any uid/gid cache in the GRsecurity? Can I make grsecurity to reload passwd?

In the past I faced a similar problem. I added a user with useradd (with RBAC loaded) but the RBAC system didn't understand my rules in the policy for the user. I changed the uid of the user and the policies started to work like by magic.

Does anybody have an idea what am I doing wrong?

Thanks a lot in advance for any suggestions.