From: Mister Olli
To: Jeffrey Goldberg
Cc: Bill Moran, FreeBSD List
Subject: Re: Enforce minimal file/ dir permissions
Date: Tue, 17 Jun 2008 11:34:43 +0200

hi....

On Monday, 16.06.2008, at 08:51 -0500, Jeffrey Goldberg wrote:
> On Jun 16, 2008, at 7:21 AM, Bill Moran wrote:
>
> > Look at MAC and the bsdextended module (filesystem firewall):
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html
> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac-bsdextended.html
>
> I've recently been looking at those myself, and while I think that I
> have developed some limited understanding "in principle" about how MAC
> works, I need a great deal more practical guidance. Is there some
> extended tutorial with cookbook or other resource that will actually
> help someone who doesn't fully grok this work out a policy and rules
> that will do more good than harm?

Yeah, I'm currently in the same need of some documentation. Do you have
any hints on that? I would be happy to extend some, if it exists, or
even upload some of my own documentation/knowledge to the web ;-))

Oh, and does any of you know how to express a file mode of 660 (unix)
with the 'ugidfw' utility within a rule?

greetz,
olli