Endpoint Administration Guide for UNIX › Protecting Files and Programs › Restricting Access to Files and Directories › How File Protection Works

How File Protection Works

When the seosd daemon starts, it performs the UNIX stat command for each discrete file object defined in the database. It then builds a table in memory that contains an entry for each file object. In addition, for each discrete file, the table contains the file's inode and device; with this information, CA Access Control can also protect the hard links to the files because the protection is according to device and inode. The database does not keep information about a file's inode and device.

When creating a new file rule through CA Access Control:

• If the file exists in UNIX, CA Access Control first performs a stat command for the file and then adds a new entry to the file table with the file's inode and device information.
• If the file does not exist in UNIX, CA Access Control adds a new entry of the file's name to the file table (without inode and device information). This entry is the same as the entry for a generic file object. At the same time, the kernel keeps an indication in its internal tables that this file must be checked during creation for inode and device information. When the file is subsequently created, the kernel intercepts its creation and informs seosd of the file's inode and device information so that seosd can update the file's entry in the file table.

When you delete a file, CA Access Control deletes its entry in the seosd file table, but the entry remains in the CA Access Control database in case you create it again.