Previous Topic: Using Conditional Access Control ListsNext Topic: Blocking Trojan Horses with the _abspath Group


Using Negative Access Control Lists

You can deny a user or group specific access types using a Negative Access Control List (NACL).

With the CA ControlMinder language (selang), use the following command to deny access:

auth className resourceName [gid(group‑name...)] \
[uid({user‑name...|*})] [deniedaccess(accessvalue)]