Endpoint Administration Guide for UNIX › Protecting Files and Programs › Restricting Access to Files and Directories › How File Protection Works
How File Protection Works
When the seosd daemon starts, it performs the UNIX stat call for each discrete file object defined in the database. It then builds a table in memory that contains an entry for each file object. In addition, for each discrete file, the table contains the file's inode and device; with this information, CA ControlMinder can also protect the hard links to the file, because protection is keyed on device and inode rather than on the path name. The database itself does not keep information about a file's inode and device; that information exists only in the in-memory table.
When creating a new file rule through CA ControlMinder:
- If the file exists in UNIX, CA ControlMinder first performs a stat command for the file and then adds a new entry to the file table with the file's inode and device information.
- If the file does not exist in UNIX, CA ControlMinder adds a new entry for the file's name to the file table (without inode and device information). This entry is the same as the entry for a generic file object. At the same time, the kernel keeps an indication in its internal tables that this file must be checked at creation time for inode and device information. When the file is subsequently created, the kernel intercepts its creation and informs seosd of the file's inode and device information so that seosd can update the file's entry in the file table.
When you delete a file, CA ControlMinder deletes its entry in the seosd file table, but the entry remains in the CA ControlMinder database in case you create it again.
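The following Python script is an added illustration of the mechanism described above; it is not CA ControlMinder code and seosd does not expose such an API. It builds an in-memory table keyed on (device, inode) as seosd does, shows that a hard link to a protected file is still recognized while a byte-for-byte copy is not, and models the "file does not exist yet" case by holding the rule by name until the file appears. The class and function names (FileTable, run_demo) and the polling in resolve_pending are assumptions of this example; the real product is notified by the kernel at creation time rather than polling.

```python
import os
import shutil
import tempfile


class FileTable:
    """Simplified model of the seosd in-memory file table (hypothetical)."""

    def __init__(self):
        self.by_id = {}       # (st_dev, st_ino) -> rule path
        self.pending = set()  # rule paths with no inode/device yet

    def add_rule(self, path):
        """Add a file rule. If the file exists, record its device and inode;
        otherwise keep the name only, like a generic file object."""
        try:
            st = os.stat(path)
        except FileNotFoundError:
            self.pending.add(path)
            return None
        key = (st.st_dev, st.st_ino)
        self.by_id[key] = path
        return key

    def resolve_pending(self):
        """Re-stat pending names and promote those that now exist.
        seosd is told by the kernel at creation; polling is a simplification."""
        for path in list(self.pending):
            if os.path.exists(path):
                self.pending.discard(path)
                self.add_rule(path)

    def delete_file(self, path):
        """Drop the table entry for a deleted file; the rule itself persists
        in the (separate) database, so re-add it as pending by name."""
        st = os.stat(path)
        self.by_id.pop((st.st_dev, st.st_ino), None)
        os.unlink(path)
        self.pending.add(path)

    def is_protected(self, path):
        """Return the rule path covering this object, or None. Lookup is by
        device and inode, so any hard link to a protected file matches."""
        try:
            st = os.stat(path)
        except FileNotFoundError:
            return None
        return self.by_id.get((st.st_dev, st.st_ino))


def run_demo():
    """Exercise the table on constructed files in a temporary directory."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "secret.conf")
        hardlink = os.path.join(d, "alias.conf")
        copy = os.path.join(d, "copy.conf")
        future = os.path.join(d, "not-yet.conf")

        with open(original, "w") as f:
            f.write("constructed sample content\n")
        os.link(original, hardlink)     # same inode, different name
        shutil.copy(original, copy)     # new inode, same bytes

        table = FileTable()
        table.add_rule(original)
        results["hardlink_protected"] = table.is_protected(hardlink) == original
        results["copy_protected"] = table.is_protected(copy) is not None

        # Rule for a file that does not exist yet: held by name only.
        results["future_pending_before"] = table.add_rule(future) is None and future in table.pending
        with open(future, "w") as f:
            f.write("created later\n")
        table.resolve_pending()
        results["future_protected_after"] = table.is_protected(future) == future

        # Deleting a file removes its table entry but the rule remains by name.
        table.delete_file(original)
        results["deleted_still_pending"] = original in table.pending
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The copy case is the check a practitioner should keep in mind: protection follows the inode, so a copy made before the rule existed is a different object and is not covered by the original's rule.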
Copyright © 2013 CA Technologies. All rights reserved.