From owner-freebsd-questions@freebsd.org  Wed Mar  2 20:54:31 2016
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0684EAC1C6B
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Wed,  2 Mar 2016 20:54:31 +0000 (UTC)
 (envelope-from freebsd@edvax.de)
Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id C5173154E
 for <freebsd-questions@freebsd.org>; Wed,  2 Mar 2016 20:54:30 +0000 (UTC)
 (envelope-from freebsd@edvax.de)
Received: from r56.edvax.de (port-92-195-57-156.dynamic.qsc.de [92.195.57.156])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx02.qsc.de (Postfix) with ESMTPS id 14051276E1;
 Wed,  2 Mar 2016 21:54:21 +0100 (CET)
Received: from r56.edvax.de (localhost [127.0.0.1])
 by r56.edvax.de (8.14.5/8.14.5) with SMTP id u22KsLHG002265;
 Wed, 2 Mar 2016 21:54:21 +0100 (CET) (envelope-from freebsd@edvax.de)
Date: Wed, 2 Mar 2016 21:54:21 +0100
From: Polytropon <freebsd@edvax.de>
To: Sergei G <sergeig.public@gmail.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: is there a secure store associated with user?
Message-Id: <20160302215421.53c9a7be.freebsd@edvax.de>
In-Reply-To: <CAFLLzCNNKZiXVJRYLD=URwhFRfkKo=NhR78cZBH8tOKZPow=kQ@mail.gmail.com>
References: <CAFLLzCNNKZiXVJRYLD=URwhFRfkKo=NhR78cZBH8tOKZPow=kQ@mail.gmail.com>
Reply-To: Polytropon <freebsd@edvax.de>
Organization: EDVAX
X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2016 20:54:31 -0000

On Wed, 2 Mar 2016 10:45:10 -0800, Sergei G wrote:
> I am looking for FreeBSD (and Linux) equivalent of DP API in windows. For
> example, windows service has access to a secure data store associated with
> user account.  When I register service I enter service user id and password
> and that password unlocks user store. 

This can be done using regular user:group permissions. Let's say
you run the service under a specific user "service" ; let's
furthermore say that Bob's user data is owned by bob:bob. Then
you just have to make user "service" a member of the group "bob"
and set the file attributes to rw-/r--/---, for example: user
can read and write, service can only read, nobody else can do
anything.

In this case, the password of Bob doesn't even have to be known
to the service. Locking and unlocking is a matter of group
menbership. This is controlled by the system administrator.

Oh, and an additional approach is using ACLs. Here, the user
himself can "unlock" things easily, if desired.

There are probably many other ways that make such a way of access
control possible.



> Is there something like that in Unix
> world?

Yes, somehow. :-)



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...