86 lines
2.7 KiB
Groff
86 lines
2.7 KiB
Groff
.\" $NetBSD: secmodel_suser.9,v 1.4 2009/10/03 07:37:01 wiz Exp $
|
|
.\"
|
|
.\" Copyright (c) 2009 Elad Efrat <elad@NetBSD.org>
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\" 3. The name of the author may not be used to endorse or promote products
|
|
.\" derived from this software without specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.Dd October 2, 2009
|
|
.Dt SECMODEL_SUSER 9
|
|
.Os
|
|
.Sh NAME
|
|
.Nm secmodel_suser
|
|
.Nd super-user security model
|
|
.Sh DESCRIPTION
|
|
.Nm
|
|
implements the traditional
|
|
.Em super-user
|
|
(root) as the user with effective user-id 0.
|
|
The
|
|
.Em super-user
|
|
is the host administrator, considered to have higher privileges than other
|
|
users.
|
|
.Pp
|
|
The following
|
|
.Xr sysctl 3
|
|
variables are exported:
|
|
.Bl -tag -width compact
|
|
.It security.models.suser.curtain
|
|
If non-zero, will filter returned objects according to the user-id
|
|
requesting information about them, preventing from users any access to
|
|
objects they don't own.
|
|
.Pp
|
|
At the moment, it affects
|
|
.Xr ps 1 ,
|
|
.Xr netstat 1
|
|
(for
|
|
.Dv PF_INET ,
|
|
.Dv PF_INET6 ,
|
|
and
|
|
.Dv PF_UNIX
|
|
PCBs), and
|
|
.Xr w 1 .
|
|
.It security.models.suser.usermount
|
|
Allow non-superuser mounts.
|
|
.Pp
|
|
If non-zero, file-systems are allowed to be mounted by an ordinary user who
|
|
owns the point
|
|
.Ar node
|
|
and has at least read access to the
|
|
.Ar special
|
|
device
|
|
.Xr mount 8
|
|
arguments.
|
|
Finally, the flags
|
|
.Cm nosuid
|
|
and
|
|
.Cm nodev
|
|
must be given for non-superuser mounts.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr kauth 9 ,
|
|
.Xr secmodel 9 ,
|
|
.Xr secmodel_bsd44 9
|
|
.Sh AUTHORS
|
|
.An Elad Efrat Aq elad@NetBSD.org
|