
UGIDFW(8)

NAME

     ugidfw -- firewall-like access controls for file system objects

SYNOPSIS

     ugidfw list
     ugidfw set rulenum subject [not] [uid uid] [gid gid] object [not]
	    [uid uid] [gid gid] mode arswxn
     ugidfw remove rulenum

DESCRIPTION

     The ugidfw utility provides an ipfw(8)-like interface to manage accesses
     to file system objects by UID and GID, supported by the
     mac_bsdextended(4) mac(9) policy.

     The arguments are as follows:

	   list    Produces a list of all the current ugidfw rules in the system.


	   set rulenum subject [not] [uid uid] [gid gid] object [not] [uid
		   uid] [gid gid] mode arswxn
		   Add a new rule or modify an existing rule.  The arguments
		   are as follows:

		   rulenum  Rule number.  Entries with a lower rule number are
			    applied first; placing the most frequently-matched
			    rules at the beginning of the list (i.e. lower-
			    numbered) will yield a slight performance
			    increase.

		   subject [not] [uid uid] [gid gid]
			    Subjects performing an operation must match (or,
			    if not is specified, must not match) the user and
			    group specified by uid and/or gid for the rule to
			    be applied.

		   object [not] [uid uid] [gid gid]
			    Objects must be owned by (or, if not is specified,
			    must not be owned by) the user and/or group
			    specified by uid and/or gid for the rule to be
			    applied.

		   mode arswxn
			    Similar to chmod(1), each character represents an
			    access mode.  If the rule applies, the specified
			    access permissions are enforced for the object.
			    When a character is specified in the rule, the
			    rule allows that operation.  Conversely, omitting
			    it causes the operation to be denied.  The
			    definitions of each character are as follows:

				  a  administrative operations
				  r  read access
				  s  access to file attributes
				  w  write access
				  x  execute access
				  n  none

	   remove rulenum
		   Disable and remove the rule with the specified rule number.
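
     Added example (not part of the original manual page or the FreeBSD
     sources): a small Python model of how one rule is read and applied as
     described above.  It assumes numeric ids only, that not inverts each
     uid/gid test present in its clause, and that a single rule is evaluated
     in isolation; parse_rule, check and the ids used are hypothetical names
     and constructed values.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Clause:
    negate: bool = False
    uid: Optional[int] = None
    gid: Optional[int] = None

    def matches(self, uid, gids):
        # Assumption: "not" inverts each uid/gid test that is present.
        for want, have in ((self.uid, {uid}), (self.gid, set(gids))):
            if want is not None and (want in have) == self.negate:
                return False
        return True

def parse_rule(text):
    """Parse what follows 'ugidfw set rulenum' (numeric ids only, an assumption)."""
    tok, pos = text.split(), 0

    def clause(keyword):
        nonlocal pos
        if tok[pos:pos + 1] != [keyword]:
            raise ValueError(f"expected {keyword!r}")
        pos += 1
        c = Clause()
        if tok[pos:pos + 1] == ["not"]:
            c.negate, pos = True, pos + 1
        while pos + 1 < len(tok) and tok[pos] in ("uid", "gid"):
            setattr(c, tok[pos], int(tok[pos + 1]))
            pos += 2
        return c

    subject, obj = clause("subject"), clause("object")
    if tok[pos:pos + 1] != ["mode"] or len(tok) != pos + 2:
        raise ValueError("expected 'mode arswxn'")
    if not re.fullmatch(r"[arswxn]+", tok[pos + 1]):
        raise ValueError(f"bad mode {tok[pos + 1]!r}")
    return subject, obj, set(tok[pos + 1]) - {"n"}

def check(rule, subj_uid, subj_gids, obj_uid, obj_gid, wanted):
    """Return 'n/a' if the rule does not apply, else 'allow' or 'deny'."""
    subject, obj, allowed = rule
    if not (subject.matches(subj_uid, subj_gids) and obj.matches(obj_uid, [obj_gid])):
        return "n/a"
    return "allow" if set(wanted) <= allowed else "deny"

# Constructed rule: uid 1001 gets only r and x on objects it does not own.
RULE = parse_rule("subject uid 1001 object not uid 1001 mode rx")
```

     How several rules combine is not modelled here; consult
     mac_bsdextended(4) for that.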

SEE ALSO

     mac_bsdextended(4), mac(9)

HISTORY

     The ugidfw utility first appeared in FreeBSD 5.0.

AUTHORS

     This software was contributed to the FreeBSD Project by NAI Labs, the
     Security Research Division of Network Associates Inc. under DARPA/SPAWAR
     contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS
     research program.


FreeBSD 5.2.1		       October 11, 2002 		 FreeBSD 5.2.1