Page 51: LIDS subjects/objects

  LIDS subjects/objects
  LIDS allows different subjects (programs) to have different access to objects (capabilities or file ACLs).  Examples:
  grant /usr/sbin/sshd read access to /etc/shadow
  grant /usr/sbin/getty read access to /etc/shadow
  hide /etc/shadow from all other programs
  grant /sbin/init write access to /etc/initlvl
  grant read access to /etc/initlvl for all others
  grant /usr/bin/apache CAP_NET_BIND_SERVICE
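
The six policies above written as lidsconf rules, as an added example that is not part of the original slides. Assumptions: the rule form `lidsconf -A [-s subject] -o object -j action` from the LIDS 1.x/2.x tools, port 80 for the apache grant, and the hypothetical helper names lids_policy, missing_defaults and apply_policy. The script only prints the commands unless APPLY=1 is set.

```sh
#!/bin/sh
# A rule without -s is the default for every program; a rule with -s is
# the exception granted to that one binary (the subject).
lids_policy() {
    cat <<'EOF'
lidsconf -A -o /etc/shadow -j DENY
lidsconf -A -s /usr/sbin/sshd -o /etc/shadow -j READONLY
lidsconf -A -s /usr/sbin/getty -o /etc/shadow -j READONLY
lidsconf -A -o /etc/initlvl -j READONLY
lidsconf -A -s /sbin/init -o /etc/initlvl -j WRITE
lidsconf -A -s /usr/bin/apache -o CAP_NET_BIND_SERVICE 80 -j GRANT
EOF
}

# Lint: print file objects that have a per-subject rule but no default
# rule. Without a default, LIDS places no restriction on other programs,
# so the "hide from all others" half of the policy is missing.
missing_defaults() {
    awk '
    {
        subj = ""; obj = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-s") subj = $(i + 1)
            if ($i == "-o") obj = $(i + 1)
        }
        if (obj !~ /^\//) next      # capabilities are not file objects
        if (subj == "") has_default[obj] = 1
        else has_subject[obj] = 1
    }
    END { for (o in has_subject) if (!(o in has_default)) print o }'
}

# Dry run by default; set APPLY=1 on a LIDS host to load the rules.
apply_policy() {
    lids_policy | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "would run: $cmd"; fi
    done
}

gaps=$(lids_policy | missing_defaults)
[ -z "$gaps" ] || { echo "no default rule for: $gaps" >&2; exit 1; }
apply_policy
```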

Copyright 2003, Bri Hatch of Onsight, Inc.

Presented at ISSA Puget Sound, 2003.

Presentation created using vim and MagicPoint.