documentation:different_models:ff
Releases
Current version
Git/Latestdiff: 1.5.6
Latest Snapshots
Produced after each commit or rebase to new upstream version
GIT
RSBAC source code, can be unstable sometimes
Events
No events planned
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| documentation:different_models:ff [2005/10/27 12:20] – michal | documentation:different_models:ff [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ===== File Flags (FF) ===== | ||
| - | |||
| - | This model defines some access flags for files, fifos, symlinks and dirs. Currently, the following flags are supported: | ||
| - | |||
| - | ^Flag | ||
| - | | no_protection | ||
| - | | execute_only | ||
| - | | search_only | ||
| - | | read_only | 1 | FILE, FIFO, SYMLINK, DIR | | | ||
| - | | write_only | 8 | FILE, FIFO, SYMLINK | ||
| - | | secure_delete | ||
| - | | no_execute | 32 | FILE | | | ||
| - | | no_delete_or_rename | 64 | FILE, FIFO, SYMLINK, DIR | new in 1.1.1, not inherited | | ||
| - | | append_only | 256 | FILE, FIFO, SYMLINK | ||
| - | | no_mount | 512 | DIR | Disallows mounting to this dir | | ||
| - | | no_search | 1024 | FILE, DIR, SYMLINK, FIFO | Hides filesystem object completly and denies futher access to it | | ||
| - | | add_inherited | ||
| - | |||
| - | These flags are checked on every access to the given target types. Only users in system_role ' | ||
| - | |||
| - | Please note that the attributes are independent from each other and restrictive: | ||
| - | |||
| - | Flags that are only checked for some target types are ignored for the other ones. This can be used to set e.g. search_only and execute_only on a dir - you can SEARCH (not READ!) in the dir and EXECUTE files in it, but nothing else. | ||
| - | |||
| - | To set more flags on a target you just add (or) their numerical values, for example: add_inherited+read_only = 129. This numerical value is the one used by the administrative tools. | ||
| - | |||
| - | The add_inherited flag is special: If set, the parent dir's flags are added (or'd) to the target' | ||
| - | |||
| - | By default all targets have only add_inherited (128) set. The root of the filesystem by default has no FF restriction, | ||
| - | |||
| - | The following table explains the effects of the flags of the FF module with respect to the action requested on a file or other target. Not all flags are meaningful for all targets. For each request are listed the flags which PREVENT the request to be satisfied, i.e. the flags which forbid the action (from the list are missing the actions related to managing RSBAC and similar). | ||
| - | ^REQUEST | ||
| - | | APPEND_OPEN | ||
| - | | CHANGE_GROUP | ||
| - | | MODIFY_ACCESS_DATA | ||
| - | | MODIFY_PERMISSIONS_DATA | FF_read_only FF_execute_only FF_append_only | | ||
| - | | CHANGE_OWNER | ||
| - | | CHDIR | FF_search_only | | ||
| - | | CREATE | ||
| - | | DELETE | ||
| - | | RENAME | ||
| - | | EXECUTE | ||
| - | | LINK_HARD | ||
| - | | MOUNT FF_read_only | ||
| - | | UMOUNT | ||
| - | | READ FF_execute_only | ||
| - | | READ_OPEN | ||
| - | | READ_WRITE_OPEN | ||
| - | | TRUNCATE | ||
| - | | WRITE_OPEN | ||
| - | | WRITE FF_read_only | ||
| - | |||
| - | Thus for example FF_read_only permits: CHDIR, EXECUTE, READ, READ_OPEN; FF_execute_only permits: CHDIR, EXECUTE, CREATE; FF_write_only permits: WRITE, WRITE_OPEN, LINK_HARD, DELETE, RENAME, CREATE, CHANGE_OWNER, | ||
| - | |||
| - | Obviously since FF_read_only and FF_write_only have an empty intersection, | ||
| - | |||
| - | Example1: | ||
| - | < | ||
| - | Set write_only on a logging dir. | ||
| - | All log files created in that dir inherit the write_only flag, | ||
| - | thus the log can never be read unless the flag is removed. | ||
| - | </ | ||
| - | |||
| - | Example1b: | ||
| - | < | ||
| - | Set append_only on a logging dir. | ||
| - | All log files created in that dir inherit the append_only flag, | ||
| - | thus the log can be read, but writing can only append to the file, unless the flag is removed. | ||
| - | Add flag write_only, if the files should not be read either. | ||
| - | </ | ||
| - | |||
| - | Example2: | ||
| - | < | ||
| - | Set no_execute on /home. | ||
| - | All executables below that dir inherit this flag, | ||
| - | thus no user can execute files from her home directory, unless the flag is removed. | ||
| - | </ | ||
| - | |||
| - | Example3: | ||
| - | < | ||
| - | Set no_delete_or_rename on /home. | ||
| - | User home dirs below can be added, removed and individually protected, | ||
| - | but the parent dir /home cannot be moved or replaced to fake other home dirs for most users. | ||
| - | </ | ||
| - | |||
| - | File Flags should be used, if you need global access settings which are valid for all users. | ||
documentation/different_models/ff.1130415602.txt.gz · Last modified: 2006/05/02 13:40 (external edit)