[webstack-discuss] [security-discuss] Apache 2.2 Service management using RBAC
Glenn Brunette
Glenn.Brunette at Sun.COM
Wed Oct 31 18:19:43 PDT 2007
By "system files" do you mean the contents of /etc/apache2? At
least in Nevada, there is now only one file that is not marked
as editable:
/etc/apache2/httpd.conf-example f none 0644 root bin 16694 30581
1187823644 SUNWapch2r
which I think is a bug and will file one if I do not see one existing.
All of the files (even in Solaris 10) in /etc/apache2 are/should be
editable by end users. If they are not - it is a bug IMHO.
That said, as the author of the BluePrint, I should have noted
that issue in the paper. I would make a note if I ever do an
update to address this point.
g
Jyri Virkki wrote:
> Darren J Moffat wrote:
>> Restricting Service Administration in the Solaris 10 Operating System
>>
>> http://www.sun.com/blueprints/0605/819-2887.pdf
>>
>> That is the recommended approach, it is a superset of what you have done.
>
> Hm, this document also changes (p.10) ownership of system files under
> /etc which are not marked as editable in their package prototype.
>
>
--
Glenn Brunette
Distinguished Engineer
Director, GSS Security Office
Sun Microsystems, Inc.
More information about the webstack-discuss
mailing list