Date: Sat, 21 Jun 2008 13:51:43 +0200 From: Mister Olli <mister.olli@googlemail.com> To: Bill Moran <wmoran@potentialtech.com> Cc: freebsd-questions@freebsd.org Subject: Re: Enforce minimal file/ dir permissions Message-ID: <1214049103.3679.4.camel@phoenix.blechhirn.net> In-Reply-To: <20080616082125.7dd23b70.wmoran@potentialtech.com> References: <1213611664.6398.275.camel@phoenix.blechhirn.net> <20080616082125.7dd23b70.wmoran@potentialtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
hi hi... after looking at the mac_bsdextended docs I found out, that it will not solve my problem: > "When access to a file system object is attempted, the list of rules > is iterated until either a matching rule is located or the end is reached" <-- From http://freebsd.therek.net/handbook/mac-bsdextended.html all these rules only apply when you try to read a file. In my case I have to enforce what filesystem rights should be applied when writing the file. Does anyone have ideas how to solve this. I'm quite frustrated, cause I haven't found any way to do this... greetz olli Am Montag, den 16.06.2008, 08:21 -0400 schrieb Bill Moran: > In response to Mister Olli <mister.olli@googlemail.com>: > > > Hi... > > > > on my filer I have to enforce minimal file permission of 664 for files > > and 755 for directorys. > > > > no user should be able to change them to a value less than that. > > > > any ideas how to do this? > > Look at MAC and the bsdextended module (filesystem firewall): > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-bsdextended.html >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1214049103.3679.4.camel>