[redhat-lspp] Re: sysadm vs. secadm powers
Linda Knippers
linda.knippers at hp.com
Fri Feb 9 22:53:36 UTC 2007
Klaus Weidner wrote:
> On Wed, Feb 07, 2007 at 10:45:41PM -0200, Klaus Heinrich Kiwi wrote:
>
>>Now that sysadm_r/sysadm_t has superhuman powers, I just wanted to confirm if
>>the following is expected and in conformance with the ToE:
>>
>>role/type | read       | write to   | run      | start/stop
>>          | auditd.log | auditd.log | auditctl | auditd
>>sysadm    | yes        | yes        | no       | yes
>>secadm    | yes        | *no*       | no       | no
>>auditadm  | *no*       | no         | yes      | *yes*
>
>
> I'd expect auditadm to be able to read and write the audit log, is the
> current behavior intentional?
I think it was intentional. I think it's been that way since the role was
created. Folks wanted a role that could manage the audit system but
not necessarily look at the information, if I recall.
-- ljk