From: Mister Olli
Reply-To: mister.olli@googlemail.com
To: Bill Moran
Cc: freebsd-questions@freebsd.org
Subject: Re: Enforce minimal file/ dir permissions
Date: Sat, 21 Jun 2008 13:51:43 +0200
Message-Id: <1214049103.3679.4.camel@phoenix.blechhirn.net>
In-Reply-To: <20080616082125.7dd23b70.wmoran@potentialtech.com>
References: <1213611664.6398.275.camel@phoenix.blechhirn.net> <20080616082125.7dd23b70.wmoran@potentialtech.com>

hi hi...

after looking at the mac_bsdextended docs I found out that it will not
solve my problem:

> "When access to a file system object is attempted, the list of rules
> is iterated until either a matching rule is located or the end is reached"
<-- From http://freebsd.therek.net/handbook/mac-bsdextended.html

all these rules only apply when you try to read a file. In my case I
have to enforce what filesystem rights should be applied when writing
the file.

Does anyone have ideas how to solve this? I'm quite frustrated, because
I haven't found any way to do this...

greetz
olli

On Monday, 16.06.2008, at 08:21 -0400, Bill Moran wrote:
> In response to Mister Olli:
>
> > Hi...
> >
> > on my filer I have to enforce minimal file permission of 664 for files
> > and 755 for directories.
> >
> > no user should be able to change them to a value less than that.
> >
> > any ideas how to do this?
>
> Look at MAC and the bsdextended module (filesystem firewall):
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-bsdextended.html
>
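
The floor described in the thread (664 for files, 755 for directories) can be audited and restored after the fact with find(1) and chmod(1). The script below is an added example, not part of the original messages: it does not stop a user from tightening a mode, it only reports and reverts it on the next run. The function names and the demo tree are constructed for illustration, and it assumes it runs as root (for example from cron) so it can descend into the directories it repairs.

```shell
#!/bin/sh
# Added example: audit and repair a tree against a minimum-permission floor.
MIN_FILE=664   # floor for regular files, as stated in the thread
MIN_DIR=755    # floor for directories, as stated in the thread

# Print every entry under $1 whose mode is missing a required bit.
# "-perm -MODE" matches when ALL bits of MODE are set, so "! -perm -MODE"
# selects entries below the floor. Wider modes (666, 775) pass untouched.
# Symlinks are not followed and are never reported.
list_below_floor() {
    find "$1" \( -type f ! -perm -"$MIN_FILE" \) -o \
              \( -type d ! -perm -"$MIN_DIR" \)
}

# Add only the missing bits; never remove bits a user set on top of the floor.
repair_floor() {
    find "$1" -type d ! -perm -"$MIN_DIR"  -exec chmod u+rwx,go+rx {} +
    find "$1" -type f ! -perm -"$MIN_FILE" -exec chmod ug+rw,o+r {} +
}

# Constructed sample tree (hypothetical names) used to exercise the functions.
make_demo_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/private" "$t/shared"
    : > "$t/ok.txt"; : > "$t/wide.txt"
    : > "$t/tight.txt"; : > "$t/private/note.txt"
    chmod 755 "$t"; chmod 775 "$t/shared"; chmod 700 "$t/private"
    chmod 664 "$t/ok.txt"; chmod 666 "$t/wide.txt"
    chmod 600 "$t/tight.txt"; chmod 640 "$t/private/note.txt"
    printf '%s\n' "$t"
}

# Usage: sh floor.sh /path/to/share   (report offenders, then repair them)
if [ "$#" -eq 1 ]; then
    list_below_floor "$1"
    repair_floor "$1"
fi
```

Logging the output of `list_below_floor` before each repair gives a record of which paths were tightened between runs.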