.TH SETTRUSTEE 1
.SH NAME
settrustee \- set the new privileges from trustee.conf
.SH SYNOPSIS
.B settrustee
\fI<options>\fR
.SH OPTIONS
.HP
\fB\-f\fR <trustee info file name> see format below. Default /etc/trustee.conf.
.TP
\fB\-s\fR
<syscall> use syscall
.TP
\fB\-D\fR
delete all trustees from the kernel and exit
.TP
\fB\-d\fR
delete all trustees from the kernel before processing the trustees in the file
.HP
\fB\-p\fR prefix to file names
.PP
File format:
A set of strings like:
.PP
.nf
[block_device_name]/path/path:user_name:DCRWBE:+group_name:OtherChars
{network_name}/path/path:user_name:DCRWBE:+group_name:OtherChars
.fi
.PP
Each string starts with the file (or directory) name. Double // is not allowed.
The next field is a user name (* means everybody) or + followed by a group name.
The next field is the trustee mask. Possible chars DCRWBEUX mean:
.TP
R
- Read files permission
.TP
W
- Write permission
.TP
B
- Browse (like execute permission for directories)
.TP
E
- rEad directories
.TP
X
- eXecute (files, granted only if owner can execute the file)
.TP
U
- use Unix permission system (set as default for /)
.TP
D
- deny the permissions in mask
.TP
C
- clear the permissions in mask
.TP
O
- only the directory and files in it (not subdirectories) affected by the trustee
.TP
!
- All except user (group) affected by the trustee
.IP
Access to a file (directory) is calculated in the following manner. Two masks are used: the first one for allowed permissions and the second one for denied permissions. The first initially equals [U], the second []. The path to the file (the real path, not a symbolic link) is analyzed from the root directory. If an applicable trustee is found, its mask is ORed into the appropriate mask (or the appropriate mask is ANDed with ~(trustee mask) if C is set).
.IP
Access is given to superusers. It is denied if the deny flag is set for at least one of the modes requested. It is allowed if the U flag is set, the deny U flag is not set and the Unix permissions allow the access. It is allowed if all flags for the requested mode are set. It is denied otherwise.
.IP
Known limitations: the trustee system does not affect ioctl calls.
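.PP
The access calculation described above, modelled as an added example for auditing what a trustee.conf grants; it is not code from the trustees project or this manual's author. Assumptions: the function names and the sample lines are hypothetical, the [block_device]/{network_name} prefix is ignored, and C combined with D is taken to clear bits from the deny mask.

```python
import posixpath

PERMS = set("RWBEXU")  # permission letters; D, C, O and ! are modifiers

def parse_line(line):
    """'name:subject:mask[:subject:mask...]' -> (path, [(subject, mask), ...])"""
    name, *fields = line.strip().split(":")
    if name[:1] in ("[", "{"):  # drop [block_device] / {network_name} (assumption)
        name = name[name.index("]" if name[0] == "[" else "}") + 1:]
    if "//" in name or not fields or len(fields) % 2:
        raise ValueError("malformed trustee line: " + line)
    return name.rstrip("/") or "/", list(zip(fields[0::2], fields[1::2]))

def applies(tpath, mask, path):
    """Does a trustee set on tpath cover path? O limits it to the directory and its files."""
    if path == tpath:
        return True
    if "O" in mask:
        return posixpath.dirname(path) == tpath
    return path.startswith(tpath.rstrip("/") + "/")

def matches(subject, mask, user, groups):
    hit = subject in ("*", user) or (subject[:1] == "+" and subject[1:] in groups)
    return hit != ("!" in mask)  # ! inverts the match

def masks_for(trustees, path, user, groups):
    allow, deny = {"U"}, set()  # initial values given in the manual
    for tpath, entries in sorted(trustees, key=lambda t: len(t[0])):  # root first
        for subject, mask in entries:
            if applies(tpath, mask, path) and matches(subject, mask, user, groups):
                bits = PERMS & set(mask)
                target = deny if "D" in mask else allow
                if "C" in mask:
                    target -= bits  # C: clear these bits (assumed to honour D)
                else:
                    target |= bits  # OR the trustee mask in
    return allow, deny

def access(trustees, path, user, groups, want, unix_ok, superuser=False):
    if superuser:
        return True
    allow, deny = masks_for(trustees, path, user, groups)
    if deny & set(want):
        return False
    if "U" in allow and "U" not in deny and unix_ok:
        return True
    return set(want) <= allow

# Constructed sample trustee.conf lines, not taken from the manual.
CONF = """[/dev/sda1]/srv:*:CU
[/dev/sda1]/srv/proj:+devs:RWBE:+interns:DW
[/dev/sda1]/srv/drop:*:WBO"""
TRUSTEES = [parse_line(l) for l in CONF.splitlines()]
```

Here a user in both devs and interns is refused W under /srv/proj because the deny mask is checked before any allow rule, and clearing U on /srv means Unix permissions alone no longer grant access below it.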
.SH AUTHOR
This manual page was written by Piotr Roszatycki <dexter@debian.org>,
for the Debian GNU/Linux system (but may be used by others).