[redhat-lspp] Got up at 5 AM, and thought I would try to write a new role
Daniel J Walsh
dwalsh at redhat.com
Fri Jun 16 20:11:33 UTC 2006
Steve Grubb wrote:
> On Friday 16 June 2006 15:57, Daniel J Walsh wrote:
>
>> I wanted to try to create an auditadm_r.
>>
>
> Didn't you mean httpdadm_r :)
>
> I think we should bust up the systemadm role a little more and make it
> composed of some other roles. RBAC says we are supposed to support
> composition, so we can use it here.
>
> Some other roles might be backup admin, db admin. mail admin.
>
> -Steve
>
backupadm might be pretty tough, since I don't believe we run type
enforcement on any backup tools
so you would need to be able to read/write every file on the system, and
I see little benefit in this.
dbadmin would have to be better defined. IE MySQL/Postgresql/Oracle ...
ditto for mail admin.
Now doing a namedadm_r would be fairly easy.
Maybe even a dhcpd admin, but I am not sure if there would be demand for
those.
More information about the redhat-lspp
mailing list