The RSBAC introduction

Amon Ott

Stanislav Ievlev

Heinrich W. Klöpping

Audience: This book is intended for use by experienced and skilled Unix professionals who wish to install, configure and use RSBAC.

Approach: This book resulted from a project founded on June 28th, 2002 by Amon Ott, Stanislav Ievlev and Henk Klöpping. It provides an introduction to Rule Set Based Access control (RSBAC). If you are new to RSBAC, this book is the place to start reading. It provides an overview of what RSBAC is and how it can be employed. It is aimed at both potential users of RSBAC and programmers that would like to enhance the software by writing their own modules - or even changing the software itself. This book also introduces its companions: The RSBAC cookbook, The RSBAC reference manual, The RSBAC programmers cookbook and The RSBAC programmers reference manual.

To learn where the latest version of this book can be downloaded or read please refer to Section 6.2.

Sources: Our sources of information were (Open Source) material on the Internet, several books, practical experience of the authors , research and programming work done by the authors and others. We try to give credit where due, but are fallible. We apologize.

Caution

While every precaution was made in the preparation of this book, we can assume no responsibility for errors or omissions. When you feel we have not given you proper credit or feel we may have violated your rights or when you have suggestions how we may improve our work please notify us immediately so we can take corrective actions.

Organization of this book: This book has been organised in three parts:

  1. part I - An introduction to RSBAC

  2. part II - An introduction to the other books

  3. part III - An introduction to the RSBAC documentation project

This book was written using the DocBook V3.1/SGML documentation standard.

Copyright © 2003 Amon Ott, Stanislav Ievlev, Henk Klöpping. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".

Dedication

 

And I said, "You can stop if you want with the Z
Because most people stop with the Z - but not me!
In the places that I go there are things that I see
That I never could spell if I stopped with the Z.
I'm telling you this because you're one of my friends
My alphabet starts where your alphabet ends!

You'll be sort of surprised what there is to be found
Once you go beyond Z and start poking around"
  

 
--Dr Seuss On Beyond Zebra 

Table of Contents
Preface
I. Introducing a safer system
1. An introduction to security issues
1.1. Abstract
1.2. UNIX security related problems
1.3. Workarounds and extensions
1.4. Alternatives for RSBAC
2. RSBAC Introduction
2.1. RSBAC overview
2.2. Architecture
2.3. RSBAC terminology
2.4. RSBAC Objects and Target Types
2.5. RSBAC Requests
2.6. *Inheritance of RSBAC settings
2.7. The security officer
2.8. The RSBAC implementation for Linux
3. The RSBAC models
3.1. The modules/models provided with RSBAC
4. RSBAC installation
4.1. RSBAC installation
II. Introduction to the other RSBAC books
5. Introduction to the other RSBAC books
5.1. Dummy section
5.2. Dummy section
III. An Introduction to the RSBAC documentation project
6. Introduction to The RSBAC documentation project
6.1. The RSBAC documentation project
6.2. First things first
6.3. Project jargon
6.4. How to be a Proofreader
6.5. How to be an Editor
6.6. How to be a Translator
6.7. How to be an Author
6.8. List of project workers
6.9. List of roles of project members
A. GNU Free Documentation License
B. How safe do you want to be?
Bibliography
List of Tables
6-1. List of RSBAC Project Members
6-2. Roles of the RSBAC Project Members
List of Figures
2-1. RSBAC components
PrevHomeNext
The RSBAC library Preface