Date: Wed, 2 Mar 2016 21:54:21 +0100
From: Polytropon <freebsd@edvax.de>
To: Sergei G <sergeig.public@gmail.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: is there a secure store associated with user?
Message-ID: <20160302215421.53c9a7be.freebsd@edvax.de>
In-Reply-To: <CAFLLzCNNKZiXVJRYLD=URwhFRfkKo=NhR78cZBH8tOKZPow=kQ@mail.gmail.com>
References: <CAFLLzCNNKZiXVJRYLD=URwhFRfkKo=NhR78cZBH8tOKZPow=kQ@mail.gmail.com>

On Wed, 2 Mar 2016 10:45:10 -0800, Sergei G wrote:
> I am looking for FreeBSD (and Linux) equivalent of DP API in windows. For
> example, windows service has access to a secure data store associated with
> user account. When I register service I enter service user id and password
> and that password unlocks user store.

This can be done using regular user:group permissions. Let's
say you run the service under a specific user "service"; let's
furthermore say that Bob's user data is owned by bob:bob. Then
you just have to make user "service" a member of the group "bob"
and set the file attributes to rw-/r--/---, for example: user
can read and write, service can only read, nobody else can do
anything. In this case, the password of Bob doesn't even have
to be known to the service.

Locking and unlocking is a matter of group membership. This is
controlled by the system administrator.

Oh, and an additional approach is using ACLs. Here, the user
himself can "unlock" things easily, if desired.

There are probably many other ways that make such a way of
access control possible.

> Is there something like that in Unix
> world?

Yes, somehow. :-)

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
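
Added example, not part of the original message: a small POSIX sh audit of the rw-/r--/--- layout the reply describes. The function names are made up for this example, and it assumes the containing directory has the same group as the data file.

```shell
#!/bin/sh
# Added example: audit the rw-/r--/--- layout described in the message.
# The path and user passed on the command line are the caller's own.

# Print the nine permission characters of a path. Parses ls -ld because
# stat(1) takes different flags on FreeBSD and Linux.
perm_bits() {
    ls -ld -- "$1" | cut -c2-10
}

# True only if the file is exactly owner rw-, group r--, others ---.
store_mode_ok() {
    [ "$(perm_bits "$1")" = "rw-r-----" ]
}

# True only if the group may traverse the immediate parent directory
# (x or s in the group-execute slot); otherwise group read is unusable.
# Assumes that directory's group is the same as the file's group.
store_dir_ok() {
    case "$(perm_bits "$(dirname -- "$1")")" in
        ?????[xs]???) return 0 ;;
        *) return 1 ;;
    esac
}

# True if USER ($1) is a member of GROUP ($2).
user_in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF -- "$2"
}

# Report on one data file and the service account that should read it.
audit_store() {
    grp=$(ls -ld -- "$1" | awk '{print $4}')
    rc=0
    store_mode_ok "$1" || { echo "FAIL: $1 is $(perm_bits "$1"), want rw-r-----"; rc=1; }
    store_dir_ok "$1" || { echo "FAIL: group cannot traverse $(dirname -- "$1")"; rc=1; }
    user_in_group "$2" "$grp" || { echo "FAIL: $2 is not in group $grp"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $2 can read $1 via group $grp"
    return "$rc"
}

if [ "$#" -eq 2 ]; then
    audit_store "$1" "$2"
fi
```

Run it with the data file and the service account as its two arguments. Only the immediate parent directory is checked, so directories further up the path still need their own review.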