.\" Copyright (c) 2002, 2004 Networks Associates Technology, Inc.
.\" All rights reserved.
.\" This software was developed for the FreeBSD Project by Chris
.\" Costello at Safeport Network Services and NAI Labs, the Security
.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.Nd "firewall-like access controls for file system objects"
interface to manage accesses to file system objects by UID and GID,
The arguments are as follows:
.Bl -tag -width indent -offset indent
Add a new rule, automatically selecting the rule number.
See the description of
for syntax information.
Produces a list of all the current
Add a new rule or modify an existing rule.
The arguments are as follows:
.Bl -tag -width ".Ar rulenum"
Entries with a lower rule number
placing the most frequently-matched rules at the beginning of the list
(i.e. lower-numbered)
will yield a slight performance increase.
Subjects performing an operation must match
the user and group specified by
for the rule to be applied.
Objects must be owned by
the user and/or group specified by
for the rule to be applied.
.It Cm mode Ar arswxn
each character represents an access mode.
the specified access permissions are enforced
When a character is specified in the rule,
the rule will allow for the operation.
Conversely, not including it will cause the operation
The definitions of each character are as follows:
.Bl -tag -width ".Cm w" -compact -offset indent
administrative operations
access to file attributes
.It Cm remove Ar rulenum
Disable and remove the rule with the specified rule number.
.Xr mac_bsdextended 4 ,
utility first appeared in
This software was contributed to the
Project by NAI Labs, the Security Research Division of Network Associates
Inc. under DARPA/SPAWAR contract N66001-01-C-8035
as part of the DARPA CHATS research program.