On Tue, Jul 17, 2001 at 10:34:16PM +0800, Horatio B. Bogbindero wrote:
> they are not the same thing diba?
looks like it (is not)
> RBAC and RSBAC as i understand is similar to the MS role-based policies.
> this is a good step since the root user does not become an almightly and
> all powerful user.
that is a goal of many system architects now.
you can't trust absolute root to daemons or programs run by the network, and,
you might not want to give sysadmins absolute root.
LIDS does this in another approach, I don't know firsthand since I haven't
tried it.
> anyway, you can have a cheat implementation of this by configuring sudo
> well and throwing away the root password or randomly changing it from
> time to time.
I think it's still a hack, because it's really a 'su' in disguise and I'm
sure someone can break it. For instance, allowing an editor that has a
shell command.
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
