Sometimes it is convenient to define a FILE record that has no owner. To define such a record in selang, specify the special owner “nobody.”
For example, to define the file /tmp/binary.bkup as a protected file and prevent all users from accessing the file, enter the following selang command:
newres FILE /tmp/binary.bkup owner(nobody) defaccess(N)
This newres command ensures that even the user who issued the command, whether root or otherwise, cannot access the file. After preventing all users from accessing a file, you usually need to grant one or more users access to that file explicitly.
To explicitly permit a user access to a protected file, use the authorize command. For example, to grant the user “userJo” update access to all files in the /tmp directory beginning with Jo, enter the selang command:
authorize FILE /tmp/Jo* uid(userJo) acc(Update)
Note: CA ControlMinder protects only those files defined in its database.
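The following is an added example, not CA ControlMinder code and not its actual matching algorithm: a simplified Python model of the rules described above (no owner, default access of none, an explicit grant, and no protection for files that are not defined). The class and method names are hypothetical, and the model assumes that a record's owner would otherwise be permitted, that the first matching record decides, and that a record for /tmp/Jo* already exists before access is granted on it.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

NOBODY = "nobody"  # special owner from the page: the record has no owner


@dataclass
class FileRecord:
    pattern: str                              # file name or pattern, e.g. /tmp/Jo*
    owner: str = NOBODY
    defaccess: frozenset = frozenset()        # access for users not in the ACL
    acl: dict = field(default_factory=dict)   # user -> set of access types


class Database:
    """Toy stand-in for the FILE class of the database (hypothetical)."""

    def __init__(self):
        self.records = []

    def newres(self, pattern, owner=NOBODY, defaccess=()):
        rec = FileRecord(pattern, owner, frozenset(defaccess))
        self.records.append(rec)
        return rec

    def authorize(self, pattern, uid, acc):
        for rec in self.records:
            if rec.pattern == pattern:
                rec.acl.setdefault(uid, set()).add(acc)
                return rec
        raise KeyError(f"no FILE record {pattern!r}")   # model choice

    def check(self, user, path, acc):
        """Return 'unprotected', 'permit' or 'deny' for one access request."""
        for rec in self.records:    # assumption: first matching record decides
            if fnmatchcase(path, rec.pattern):
                if rec.owner != NOBODY and rec.owner == user:
                    return "permit"  # assumption: an owner may access the file
                if acc in rec.acl.get(user, ()) or acc in rec.defaccess:
                    return "permit"
                return "deny"
        return "unprotected"        # not defined in the database: not protected


def demo():
    db = Database()
    db.newres("/tmp/binary.bkup", owner=NOBODY, defaccess=())  # defaccess(N)
    db.newres("/tmp/Jo*", owner=NOBODY, defaccess=())          # constructed record
    db.authorize("/tmp/Jo*", "userJo", "update")
    return db
```

In this model a request for a path with no matching record returns "unprotected", which corresponds to the note above: a deny-all record only helps for files that are actually defined.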
Copyright © 2013 CA Technologies.
All rights reserved.