[redhat-lspp] LSPP Development Telecon 10/09/2006 Minutes
Thiago Jung Bauermann
bauerman at br.ibm.com
Wed Oct 11 18:31:22 UTC 2006
On Tuesday 10 October 2006 14:19, Loulwa Salem wrote:
> KW: Earlier I made a proposal to not allow regular users from using
> newrole. I know it is ugly but it is the only solution that I see that
> doesn't have security holes. does anyone have a solution that they have
> tested and are confident in. I think I'll try to do a more detailed write
> up. do we want this on selinux or lspp list?
When you say that regular users won't be able to run newrole, are you talking
about SELinux users or DAC users? Does it mean that even staff_u won't be
able to use newrole?
Does that mean that if ssh root logins are disabled, the only way to newrole
is logging in via the machine's console as root?
--
[]'s
Thiago Jung Bauermann
Software Engineer
IBM Linux Technology Center
More information about the redhat-lspp
mailing list