I have installed Unix Agent on RHEL 6 server.
In selang, I placed the below script which provides file access to a specific user.
The file was created using 'root' user.
While accessing the file using 'praveen' user, I am able to only read the file but not write.
Can anyone help on this?
nr FILE ('/etc/Test.txt') audit(SUCCESS FAILURE) comment('securing critical files') defaccess(READ) owner('root')
authorize FILE ('/etc/Test.txt') access(READ WRITE DELETE RENAME CREATE EXECUTE CHOWN CHMOD UTIME SEC CHDIR) uid('praveen')
The PIM agent does not override the unix file permissions.
Do the unix permissions permit praveen to have write access to the file?
What are the unix file permissions - what is the output of ls -l /etc/Test.txt?
Thanks for the reply.
As of now I have provided chmod 777 to the Test.txt file using root user.
[ec2-user@Linux5_SukoorS ~]$ ls -ltr /etc/Test.txt
-rwxrwxrwx. 1 root root 46 Sep 7 06:57 /etc/Test.txt
If I provide only Read permission to the file in the Controlminder Policy Script, will it not restrict the user in modifying the file?
AUTHORIZE FILE ('/etc/Test.txt') uid('praveen') ACCESS(READ)
nr FILE ('/etc/Test.txt') audit(SUCCESS FAILURE) comment('securing critical files') defaccess(READ) owner('root')
Will give praveen read-only access via defaccess(READ), so the following is redundant.
I should have been a bit clearer with my previous point "The PIM agent does not override the unix file permissions." If a user does not have unix permissions for an operation on a file, PIM cannot give those permissions. Essentially, unix permissions are still in effect when PIM is running, but PIM can provide more granular permissions on top of them.
I hope this makes sense?
You should also be careful about giving 777 unix permissions because this makes it world writable if PIM is not running for some reason.
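
The 777 caveat above can be checked mechanically. The script below is an added example, not part of the original thread or of the PIM product: it takes a list of paths (assumed to be the files covered by PIM FILE rules, supplied by the administrator) and reports which ones unix permissions alone would leave writable. The function names are hypothetical and the demo files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Unix mode bits are what remains if the PIM agent is not running, so files
# that PIM rules are meant to protect should not be writable by "other".

# True if the unix mode grants write to "other" (e.g. 777 or 666).
is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 -print 2>/dev/null)" ]
}

# True if the unix mode grants write to the owning group.
is_group_writable() {
    [ -n "$(find "$1" -prune -perm -0020 -print 2>/dev/null)" ]
}

# Reads one path per line on stdin (assumed: the files covered by PIM FILE
# rules, listed by the administrator). Returns non-zero if any is EXPOSED.
audit_paths() {
    exposed=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if [ ! -e "$path" ]; then
            printf 'MISSING %s\n' "$path"
        elif is_world_writable "$path"; then
            printf 'EXPOSED %s (any user can write when the agent is down)\n' "$path"
            exposed=$((exposed + 1))
        elif is_group_writable "$path"; then
            printf 'REVIEW  %s (group-writable)\n' "$path"
        else
            printf 'OK      %s\n' "$path"
        fi
    done
    [ "$exposed" -eq 0 ]
}

# Constructed demo: a temp file with the 777 mode from the thread, one with 644.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/Test.txt"; chmod 777 "$d/Test.txt"
    : > "$d/safe.txt"; chmod 644 "$d/safe.txt"
    printf '%s\n' "$d/Test.txt" "$d/safe.txt" | audit_paths
    rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "audit found exposed files"
```

A non-zero return from audit_paths makes it usable as a gate in a scheduled check on the hosts where the agent is installed.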