[grsec] Another ACL question
spender at grsecurity.net
spender at grsecurity.net
Thu Dec 9 09:31:40 EST 2004
> There were a lot more commands exercised and there are other subjects in
> root.
If you cat the log file, you can see which application was running them.
It was most likely a root-run cron script. This kind of situation will
be handled with the changes I'm making involving the learning
configuration file, so that cron's accesses won't be placed into the
normal usage of the root user. This would involve doing learning with
inheritance for cron.
> If I want a minimal root that is essentially like an ordinary user with a
> role_transition to admin, can I remove them from root or will that disable
> them completely for all users? Or should they be moved to the default
> role - although there is only a housekeeping difference as far as I can
> see as they will still execute as root but under a default role.
Check what app is executing them, and set up inheritance rules, so that
permission is granted only when that app executes them, not when a user
in general executes them.
-Brad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://grsecurity.net/pipermail/grsecurity/attachments/20041209/7891e843/attachment.pgp
More information about the grsecurity
mailing list