31 lines
1.2 KiB
Diff
31 lines
1.2 KiB
Diff
From b4618d133f473b9bbc36f2a5e94b8b0f257ba3e0 Mon Sep 17 00:00:00 2001
|
|
From: Radovan Sroka <rsroka@redhat.com>
|
|
Date: Fri, 5 Aug 2022 14:49:30 +0200
|
|
Subject: [PATCH] Add mention that using of names requires name resolution
|
|
|
|
- using of user and group names as uid and gid attributes
|
|
requires correct name resolution
|
|
|
|
Signed-off-by: Radovan Sroka <rsroka@redhat.com>
|
|
---
|
|
README.md | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/README.md b/README.md
|
|
index d932e00..abc5eee 100644
|
|
--- a/README.md
|
|
+++ b/README.md
|
|
@@ -131,6 +131,12 @@ You can similarly do this for trusted users that have to execute things in
|
|
the home dir. You can create a trusted_user group, add them the group,
|
|
and then write a rule allowing them to execute from their home dir.
|
|
|
|
+When you want to use user or group name (as a string). You have to guarantee
|
|
+that these names were correctly resolved. In case of systemd, you need to add
|
|
+a new after target 'After=nss-user-lookup.target'.
|
|
+To achieve that you can use `systemctl edit --full fapolicyd`,
|
|
+uncomment the respective line and save the change.
|
|
+
|
|
```
|
|
allow perm=any gid=trusted_user : ftype=%languages dir=/home
|
|
deny_audit perm=any all : ftype=%languages dir=/home
|