| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | .\" $NetBSD: secmodel_suser.9,v 1.3 2009/10/02 20:31:19 elad Exp $ | | 1 | .\" $NetBSD: secmodel_suser.9,v 1.4 2009/10/03 07:37:01 wiz Exp $ |
2 | .\" | | 2 | .\" |
3 | .\" Copyright (c) 2009 Elad Efrat <elad@NetBSD.org> | | 3 | .\" Copyright (c) 2009 Elad Efrat <elad@NetBSD.org> |
4 | .\" All rights reserved. | | 4 | .\" All rights reserved. |
5 | .\" | | 5 | .\" |
6 | .\" Redistribution and use in source and binary forms, with or without | | 6 | .\" Redistribution and use in source and binary forms, with or without |
7 | .\" modification, are permitted provided that the following conditions | | 7 | .\" modification, are permitted provided that the following conditions |
8 | .\" are met: | | 8 | .\" are met: |
9 | .\" 1. Redistributions of source code must retain the above copyright | | 9 | .\" 1. Redistributions of source code must retain the above copyright |
10 | .\" notice, this list of conditions and the following disclaimer. | | 10 | .\" notice, this list of conditions and the following disclaimer. |
11 | .\" 2. Redistributions in binary form must reproduce the above copyright | | 11 | .\" 2. Redistributions in binary form must reproduce the above copyright |
12 | .\" notice, this list of conditions and the following disclaimer in the | | 12 | .\" notice, this list of conditions and the following disclaimer in the |
13 | .\" documentation and/or other materials provided with the distribution. | | 13 | .\" documentation and/or other materials provided with the distribution. |
14 | .\" 3. The name of the author may not be used to endorse or promote products | | 14 | .\" 3. The name of the author may not be used to endorse or promote products |
| @@ -25,28 +25,27 @@ | | | @@ -25,28 +25,27 @@ |
25 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | | 25 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
26 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | | 26 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
27 | .\" | | 27 | .\" |
28 | .Dd October 2, 2009 | | 28 | .Dd October 2, 2009 |
29 | .Dt SECMODEL_SUSER 9 | | 29 | .Dt SECMODEL_SUSER 9 |
30 | .Os | | 30 | .Os |
31 | .Sh NAME | | 31 | .Sh NAME |
32 | .Nm secmodel_suser | | 32 | .Nm secmodel_suser |
33 | .Nd super-user security model | | 33 | .Nd super-user security model |
34 | .Sh DESCRIPTION | | 34 | .Sh DESCRIPTION |
35 | .Nm | | 35 | .Nm |
36 | implements the traditional | | 36 | implements the traditional |
37 | .Em super-user | | 37 | .Em super-user |
38 | (root) as the user with effective user-id | | 38 | (root) as the user with effective user-id 0. |
39 | 0. | | | |
40 | The | | 39 | The |
41 | .Em super-user | | 40 | .Em super-user |
42 | is the host administrator, considered to have higher privileges than other | | 41 | is the host administrator, considered to have higher privileges than other |
43 | users. | | 42 | users. |
44 | .Pp | | 43 | .Pp |
45 | The following | | 44 | The following |
46 | .Xr sysctl 3 | | 45 | .Xr sysctl 3 |
47 | variables are exported: | | 46 | variables are exported: |
48 | .Bl -tag -width compact | | 47 | .Bl -tag -width compact |
49 | .It security.models.suser.curtain | | 48 | .It security.models.suser.curtain |
50 | If non-zero, will filter returned objects according to the user-id | | 49 | If non-zero, will filter returned objects according to the user-id |
51 | requesting information about them, preventing from users any access to | | 50 | requesting information about them, preventing from users any access to |
52 | objects they don't own. | | 51 | objects they don't own. |
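Review bot: The context line `.Bl -tag -width compact` (new line 47) passes the word "compact" as the width string, which reads like a mix-up with the separate `-compact` argument; since this revision is already tidying the markup, consider giving `-width` a value chosen for the tag indentation actually wanted. In the same list item, "preventing from users any access to objects they don't own" (new lines 50-51) is awkward, and "preventing users from accessing objects they don't own" would read better. Joining "0." onto the preceding line is fine, because the next sentence still starts on its own line with "The".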
| @@ -57,29 +56,29 @@ At the moment, it affects | | | @@ -57,29 +56,29 @@ At the moment, it affects |
57 | (for | | 56 | (for |
58 | .Dv PF_INET , | | 57 | .Dv PF_INET , |
59 | .Dv PF_INET6 , | | 58 | .Dv PF_INET6 , |
60 | and | | 59 | and |
61 | .Dv PF_UNIX | | 60 | .Dv PF_UNIX |
62 | PCBs), and | | 61 | PCBs), and |
63 | .Xr w 1 . | | 62 | .Xr w 1 . |
64 | .It security.models.suser.usermount | | 63 | .It security.models.suser.usermount |
65 | Allow non-superuser mounts. | | 64 | Allow non-superuser mounts. |
66 | .Pp | | 65 | .Pp |
67 | If non-zero, file-systems are allowed to be mounted by an ordinary user who | | 66 | If non-zero, file-systems are allowed to be mounted by an ordinary user who |
68 | owns the point | | 67 | owns the point |
69 | .Ar node | | 68 | .Ar node |
70 | and has at least read access to the | | 69 | and has at least read access to the |
71 | .Ar special | | 70 | .Ar special |
72 | device | | 71 | device |
73 | .Xr mount 8 | | 72 | .Xr mount 8 |
74 | arguments. | | 73 | arguments. |
75 | Finally, the flags | | 74 | Finally, the flags |
76 | .Cm nosuid | | 75 | .Cm nosuid |
77 | and | | 76 | and |
78 | .Cm nodev | | 77 | .Cm nodev |
79 | must be given for non-superuser mounts. | | 78 | must be given for non-superuser mounts. |
80 | .El | | 79 | .El |
81 | .Sh SEE ALSO | | 80 | .Sh SEE ALSO |
82 | .Xr kauth 9 , | | 81 | .Xr kauth 9 , |
83 | .Xr secmodel 9 , | | 82 | .Xr secmodel 9 , |
84 | .Xr secmodel_bsd44 9 | | 83 | .Xr secmodel_bsd44 9 |
85 | .Sh AUTHORS | | 84 | .Sh AUTHORS |
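Review bot: Old lines 57-85 and new lines 56-84 read identically in the lines shown, so any change in this hunk is not visible in the rendered text; if it is whitespace-only, the log message should say so, so that later readers do not look for a wording change. While touching this area, the usermount text "owns the point" followed by `.Ar node` (new lines 67-68) would be clearer as "owns the mount point", and "has at least read access to the `.Ar special` device `.Xr mount 8` arguments" could be split so that it is obvious both `node` and `special` are the mount(8) arguments.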