[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [redhat-lspp] Re: Re: sysadm vs. secadm powers



Klaus Heinrich Kiwi wrote:
<posted & mailed>

Daniel J Walsh wrote:

Linda Knippers wrote:
Klaus Weidner wrote:
On Wed, Feb 07, 2007 at 10:45:41PM -0200, Klaus Heinrich Kiwi wrote:

Now that sysadm_r/sysadm_t has supehuman powers, I just wanted to
confirm if the following is expected and in conformance with the ToE:

role/type       |      read     |    write to   |      run      |
start/stop
               |   auditd.log  |   auditd.log  |    auditctl   | auditd
sysadm          |       yes     |       yes     |       no      | yes
secadm          |       yes     |       *no*    |       no      | no
auditadm        |       *no*    |       no      |       yes     | *yes*
Auditadm can read the auditd.log and write it but needs to be logged in
at SystemHigh to be able to do it.
Please let me know if I'm doing something wrong:

-bash-3.1# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),
(disk),10(wheel) context=staff_u:auditadm_r:auditadm_t:s0-s15:c0.c1023

You need to be SystemHigh-SystemHigh.

Mike


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]