farhan90/sys_rbac
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
This is the documentation for SBRACK project DESIGN ------ Since the project was an open ended project with no specification,I decided to implement a very simple role based access model using Linux Security Model framework. In my role based access model I first had to idenitfy the tasks which could be performed on the file system. I decided to have simple tasks or operations like reading,writing,renaming or creating or deleting a file. So i decided to have 3 main ops which are READ, RDWR, CRTDEL. The READ task or op only allows a user to read a file The RDWR task allows someone to read a file, write to a file The CRTDEL tasks allows someone to read,write, create,delete or rename a file So any role can be assigned any of these 3 tasks, which can be performed by the users of that role. BUILDING THE MODULE ------------------- I did not implement my LSM module as a loadable module since I could not use the function register_module to register my security module. To get around the problem I had to built the module as a security module. To compile the module: 1) mkdir sysec in the security folder of the linux source code folder. 2) copy the sys_rbac.c, Kconfig, and Makefile into the sysec folder 3) copy the file Kconfig.security and Makefile.security into Kconfig and Makefile in the security directory 4) replace the .config file in linux source code folder with Kernel.config and rename the file .config 5) Run make, make modules_install and make install USING THE USER PROGRAM ---------------------- The user program source code is in the user_admin.c file. The user_admin executable can be used with these options: ./user_admin -h -- to print usage help ./user_admin -l -- to list all the user created roles ./user_admin -c -- to create a role ./user_admin -a [USER NAME] [ROLE NAME] -- to assign a role to a user WORKFLOW -------- The workflow for the LSM works through the user program. Every time an admin user assigns a role to a regular user, the data is passed to the LSM through the procfs. The LSM module maintains a linked list of all the users and their roles. So when a regular user tries to carry out a task he is not entitled too, he will receive an EPERM error. A problem with this worflow design is that every time the system reboots the kernel module looses all the user data. One solution would be for the module to write the data into a file and on initilization read from that file. But file reading and writing is advised against in the kernel and since the module is built into the kernel reading a large file could slow the kernel down. My work around this would be that the admin user creates backup scripts to assign roles to users.
About
No description, website, or topics provided.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published