Discover Security Projects News
RSBAC 1.4.0 released
Amon Ott says: Rule Set Based Access Control (RSBAC) 1.4.0 has been released for both Linux kernels 2.4.37 and 126.96.36.199. RSBAC 1.4 mainly introduces the new Virtual User Management feature which allows to isolate complete sets of users in so-called "virtual sets". Every user in every set can have individual passwords and access rights. Click-through to see the whole announcement, and to leave your opinions of RSBAC. Do you use it? If so, why?
Date: Fri, 16 Jan 2009 09:55:09 +0100 From: Amon Ott Subject: Announce: RSBAC 1.4.0 released Rule Set Based Access Control (RSBAC) 1.4.0 has been released for both Linux kernels 2.4.37 and 188.8.131.52 You can download the new version from https://www.rsbac.org RSBAC is one of the leading access control systems for the Linux kernel with a good selection of access control models, see https://www.rsbac.org/why for more details. Important changes since 1.3 series: * VUM (Virtual User Management) support (https://rsbac.org/redir.php?t=vum) * One time password support for user management (https://rsbac.org/redir.php?t=otp) * Code for kernels 2.4 and 2.6 has been separated. 2.4 kernels might be phased out at a later date. * PAM module does not send a message "User not authenticated" anymore if authentication failed. (To match other PAM modules behavior) * Made PAM password prompt standard and definable to RSBAC's custom prompt if the user wants it only. * rsbac_useradd -K to copy a user with password. * rsbac_mount now uses kernel's vfs_mount About RSBAC 1.4: ---RSBAC 1.4 mainly introduces the new Virtual User Management feature ( (https://rsbac.org/redir.php?t=vum), which allows to isolate complete sets of users in so-called "virtual sets". Every user in every set can have individual passwords and access rights. As an example, you can start your mail server in a different set, and the users getting the email will not be part of the system users. Likewise, your jails can be started in a different set, so that the users in that jail will never be the same ones as the real system users. You can specify the user set with the usual tools by specifying the full user path, e.g.: 0/0 defines user id 0 (root) in virtual set 0 (eg system user root) 0/1000 defines user id 1000 in virtual set 0 (eg a system user) 1/secoff defines user secoff in virtual set 1 (e.g. with uid 400) 2/1000 defines user id 1000 in virtual set 2 (for example, mail users could be in set 2) Amon.