Previous Topic: Internal File RulesNext Topic: Managing Authorization


Default File Rules

CA ControlMinder creates default file rules during installation to protect sensitive files. Default file rules are visible in selang and can be deleted.

The following table lists the sensitive files that CA ControlMinder protects with default file rules, and the access rights and permitted accessors for the files.

In the table, PMDBDir is the directory in which the policy model databases (PMDBs) reside, and pmd_name is the name of each policy model. By default, PMDBDir is located at ACInstallDir\Data. The location of PMDBDir is defined in the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\Pmd\_Pmd_directory_

File

Default Access

Permitted Accessors

ACInstallDir\data\crypto\crypto.dat

None

sechkey

ACInstallDir\data\crypto\def_root.pem*

None

sechkey

ACInstallDir\data\crypto\sub.key

None

sechkey

ACInstallDir\data\crypto\sub.pem

None

sechkey

ACInstallDir\log\policyfetcher.log

Read

+policyfetcher

PMDBDir\pmd_name

Read, Chdir

-

PMDBDir\pmd_name\*

Read, Execute

-