Difference between revisions of "Resmgr"

From CBLFS
Jump to navigationJump to search
(Configuring)
 
(6 intermediate revisions by 2 users not shown)
Line 7: Line 7:
 
----
 
----
  
== Introduction to Resmgr ==
+
{{Package-Introduction|Resmgr will provide unprivileged users access to device files via ACLs.|http://rechner.lst.de/~okir/resmgr/}}
 
 
Resmgr will provide unprivileged users access to device files via ACLs.
 
  
 
== Dependencies ==
 
== Dependencies ==
Line 25: Line 23:
 
Install the package
 
Install the package
  
  make install
+
  make install &&
 +
ln -sfv libresmgr.so.{{Resmgr-Version}} /lib/libresmgr.so
  
 
== Multilib ==
 
== Multilib ==
Line 31: Line 30:
 
=== 32Bit ===
 
=== 32Bit ===
  
  Todo...
+
Compile the package:
 +
 
 +
  sed -i "1i\#include <sys/syslog.h>" pam_resmgr.c &&
 +
make CC="gcc ${BUILD32}"
 +
 
 +
Install the package
 +
 
 +
make install &&
 +
ln -sfv libresmgr.so.{{Resmgr-Version}} /lib/libresmgr.so
  
 
=== N32 ===
 
=== N32 ===
  
  Todo...
+
Compile the package:
 +
 
 +
  sed -i "1i\#include <sys/syslog.h>" pam_resmgr.c &&
 +
make CC="gcc ${BUILDN32}"
 +
 
 +
Install the package
 +
 
 +
make LIBDIR=/lib32 PAMDIR=/lib32/security install &&
 +
ln -sfv libresmgr.so.{{Resmgr-Version}} /lib32/libresmgr.so
  
 
=== 64Bit ===
 
=== 64Bit ===
  
  Todo...
+
 
 +
Compile the package:
 +
 
 +
  sed -i "1i\#include <sys/syslog.h>" pam_resmgr.c &&
 +
make CC="gcc ${BUILD64}"
 +
 
 +
Install the package
 +
 
 +
make LIBDIR=/lib64 PAMDIR=/lib64/security install &&
 +
ln -sfv libresmgr.so.{{Resmgr-Version}} /lib64/libresmgr.so
  
 
== Configuring ==
 
== Configuring ==
Line 55: Line 79:
 
== PAM Rule ==
 
== PAM Rule ==
  
By default most, if not all, of the [[Linux-PAM]] rules include '''system-auth''. By adding '''pam_resmgr.so''' to this file we're ensuring it gets loaded regardless of the service. If you do not want this you can add it to the individual service you wish to grant privleges, eg. just the display manager.
+
By default most, if not all, of the [[Linux-PAM]] rules include '''system-auth''. By adding '''pam_resmgr.so''' to this file we're ensuring it gets loaded regardless of the service. If you do not want this you can add it to the individual service you wish to grant privileges, eg. just the display manager.
  
 
  echo "session    optional    pam_resmgr.so" >> /etc/pam.d/system-auth
 
  echo "session    optional    pam_resmgr.so" >> /etc/pam.d/system-auth
Line 99: Line 123:
 
  # End $rc_base/init.d/resmgrd
 
  # End $rc_base/init.d/resmgrd
 
  EOF
 
  EOF
 +
chmod -v 754 /etc/rc.d/init.d/resmgrd
  
 
Link it into the runlevels:
 
Link it into the runlevels:
Line 111: Line 136:
 
* Installed Libraries: libresmgr.so.{{Resmgr-Version}} pam_resmgr.so
 
* Installed Libraries: libresmgr.so.{{Resmgr-Version}} pam_resmgr.so
 
* Installed Directories:
 
* Installed Directories:
 +
 +
[[Category:Security]]

Latest revision as of 17:35, 5 July 2008

Download Source: ftp://ftp.lst.de/pub/people/okir/resmgr/resmgr-1.0.tar.bz2

Introduction to Resmgr

Resmgr will provide unprivileged users access to device files via ACLs.

Project Homepage: http://rechner.lst.de/~okir/resmgr/

Dependencies

Required

Non-Multilib

Compile the package:

sed -i "1i\#include <sys/syslog.h>" pam_resmgr.c &&
make

Install the package

make install &&
ln -sfv libresmgr.so.1.0 /lib/libresmgr.so

Multilib

32Bit

Compile the package:

sed -i "1i\#include <sys/syslog.h>" pam_resmgr.c &&
make CC="gcc ${BUILD32}"

Install the package

make install &&
ln -sfv libresmgr.so.1.0 /lib/libresmgr.so

N32

Compile the package:

sed -i "1i\#include <sys/syslog.h>" pam_resmgr.c &&
make CC="gcc ${BUILDN32}"

Install the package

make LIBDIR=/lib32 PAMDIR=/lib32/security install &&
ln -sfv libresmgr.so.1.0 /lib32/libresmgr.so

64Bit

Compile the package:

sed -i "1i\#include <sys/syslog.h>" pam_resmgr.c &&
make CC="gcc ${BUILD64}"

Install the package

make LIBDIR=/lib64 PAMDIR=/lib64/security install &&
ln -sfv libresmgr.so.1.0 /lib64/libresmgr.so

Configuring

A good place to start reading about configuring resmgr would be man resmgr.conf and man pam_resmgr. The resmgr.conf man page has the following in it:

For example, the following statements for the resource class desktop will deny access to users uucp and news, but grant access to everyone in group wheel, and everyone else as long as they're logged in at the console or a local X11 session:

deny  desktop user=uucp || user=news
allow desktop group=wheel
allow desktop tty=/dev/tty[0-9]* || tty=:0

This would be a good time to edit /etc/resmgr.conf and set the rules according to your needs.

PAM Rule

By default most, if not all, of the Linux-PAM rules include system-auth. By adding pam_resmgr.so' to this file we're ensuring it gets loaded regardless of the service. If you do not want this you can add it to the individual service you wish to grant privileges, eg. just the display manager.

echo "session    optional     pam_resmgr.so" >> /etc/pam.d/system-auth

Bootscript

Create the bootscript:

cat > /etc/rc.d/init.d/resmgrd << "EOF"
#!/bin/sh
# Begin $rc_base/init.d/resmgrd

. /etc/sysconfig/rc
. ${rc_functions}

case "${1}" in
        start)
                boot_mesg "Starting resmgrd..."
                loadproc /sbin/resmgrd
                ;;

        stop)
                boot_mesg "Stopping resmgrd..."
                killproc /sbin/resmgrd
                ;;

        restart)
                ${0} stop
                sleep 1
                ${0} start
                ;;

        status)
                statusproc /sbin/resmgrd
                ;;

        *)
                echo "Usage: ${0} {start|stop|restart|status}"
                exit 1
                ;;
esac

# End $rc_base/init.d/resmgrd
EOF
chmod -v 754 /etc/rc.d/init.d/resmgrd

Link it into the runlevels:

for link in /etc/rc.d/rc{{0,1,6}.d/K50,{2,3,4,5}.d/S15}resmgrd; do
  ln -sfv ../init.d/resmgrd $link;
done

Contents

  • Installed Programs: resmgr resmgrd
  • Installed Libraries: libresmgr.so.1.0 pam_resmgr.so
  • Installed Directories:
Retrieved from "?title=Resmgr&oldid=14621"