Difference between revisions of "Resmgr"

From CBLFS
Jump to navigationJump to search
 
(One intermediate revision by one other user not shown)
Line 79: Line 79:
 
== PAM Rule ==
 
== PAM Rule ==
  
By default most, if not all, of the [[Linux-PAM]] rules include '''system-auth''. By adding '''pam_resmgr.so''' to this file we're ensuring it gets loaded regardless of the service. If you do not want this you can add it to the individual service you wish to grant privleges, eg. just the display manager.
+
By default most, if not all, of the [[Linux-PAM]] rules include '''system-auth''. By adding '''pam_resmgr.so''' to this file we're ensuring it gets loaded regardless of the service. If you do not want this you can add it to the individual service you wish to grant privileges, eg. just the display manager.
  
 
  echo "session    optional    pam_resmgr.so" >> /etc/pam.d/system-auth
 
  echo "session    optional    pam_resmgr.so" >> /etc/pam.d/system-auth
Line 136: Line 136:
 
* Installed Libraries: libresmgr.so.{{Resmgr-Version}} pam_resmgr.so
 
* Installed Libraries: libresmgr.so.{{Resmgr-Version}} pam_resmgr.so
 
* Installed Directories:
 
* Installed Directories:
 +
 +
[[Category:Security]]

Latest revision as of 17:35, 5 July 2008

Download Source: ftp://ftp.lst.de/pub/people/okir/resmgr/resmgr-1.0.tar.bz2

Introduction to Resmgr

Resmgr will provide unprivileged users access to device files via ACLs.

Project Homepage: http://rechner.lst.de/~okir/resmgr/

Dependencies

Required

Non-Multilib

Compile the package:

sed -i "1i\#include <sys/syslog.h>" pam_resmgr.c &&
make

Install the package

make install &&
ln -sfv libresmgr.so.1.0 /lib/libresmgr.so

Multilib

32Bit

Compile the package:

sed -i "1i\#include <sys/syslog.h>" pam_resmgr.c &&
make CC="gcc ${BUILD32}"

Install the package

make install &&
ln -sfv libresmgr.so.1.0 /lib/libresmgr.so

N32

Compile the package:

sed -i "1i\#include <sys/syslog.h>" pam_resmgr.c &&
make CC="gcc ${BUILDN32}"

Install the package

make LIBDIR=/lib32 PAMDIR=/lib32/security install &&
ln -sfv libresmgr.so.1.0 /lib32/libresmgr.so

64Bit

Compile the package:

sed -i "1i\#include <sys/syslog.h>" pam_resmgr.c &&
make CC="gcc ${BUILD64}"

Install the package

make LIBDIR=/lib64 PAMDIR=/lib64/security install &&
ln -sfv libresmgr.so.1.0 /lib64/libresmgr.so

Configuring

A good place to start reading about configuring resmgr would be man resmgr.conf and man pam_resmgr. The resmgr.conf man page has the following in it:

For example, the following statements for the resource class desktop will deny access to users uucp and news, but grant access to everyone in group wheel, and everyone else as long as they're logged in at the console or a local X11 session:

deny  desktop user=uucp || user=news
allow desktop group=wheel
allow desktop tty=/dev/tty[0-9]* || tty=:0

This would be a good time to edit /etc/resmgr.conf and set the rules according to your needs.

PAM Rule

By default most, if not all, of the Linux-PAM rules include system-auth. By adding pam_resmgr.so' to this file we're ensuring it gets loaded regardless of the service. If you do not want this you can add it to the individual service you wish to grant privileges, eg. just the display manager.

echo "session    optional     pam_resmgr.so" >> /etc/pam.d/system-auth

Bootscript

Create the bootscript:

cat > /etc/rc.d/init.d/resmgrd << "EOF"
#!/bin/sh
# Begin $rc_base/init.d/resmgrd

. /etc/sysconfig/rc
. ${rc_functions}

case "${1}" in
        start)
                boot_mesg "Starting resmgrd..."
                loadproc /sbin/resmgrd
                ;;

        stop)
                boot_mesg "Stopping resmgrd..."
                killproc /sbin/resmgrd
                ;;

        restart)
                ${0} stop
                sleep 1
                ${0} start
                ;;

        status)
                statusproc /sbin/resmgrd
                ;;

        *)
                echo "Usage: ${0} {start|stop|restart|status}"
                exit 1
                ;;
esac

# End $rc_base/init.d/resmgrd
EOF
chmod -v 754 /etc/rc.d/init.d/resmgrd

Link it into the runlevels:

for link in /etc/rc.d/rc{{0,1,6}.d/K50,{2,3,4,5}.d/S15}resmgrd; do
  ln -sfv ../init.d/resmgrd $link;
done

Contents

  • Installed Programs: resmgr resmgrd
  • Installed Libraries: libresmgr.so.1.0 pam_resmgr.so
  • Installed Directories:
Retrieved from "?title=Resmgr&oldid=14621"