From owner-freebsd-stable@FreeBSD.ORG Mon Jun 27 09:44:27 2005 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B298816A41C; Mon, 27 Jun 2005 09:44:27 +0000 (GMT) (envelope-from dwmalone@maths.tcd.ie) Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11]) by mx1.FreeBSD.org (Postfix) with SMTP id E4D4043D58; Mon, 27 Jun 2005 09:44:26 +0000 (GMT) (envelope-from dwmalone@maths.tcd.ie) Received: from walton.maths.tcd.ie ([134.226.81.10] helo=walton.maths.tcd.ie) by salmon.maths.tcd.ie with SMTP id ; 27 Jun 2005 10:44:25 +0100 (BST) Date: Mon, 27 Jun 2005 10:44:25 +0100 From: David Malone To: K?vesd?n G?bor Message-ID: <20050627094425.GA80771@walton.maths.tcd.ie> References: <42BFBCAF.9040001@t-hosting.hu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <42BFBCAF.9040001@t-hosting.hu> User-Agent: Mutt/1.5.6i Sender: dwmalone@maths.tcd.ie Cc: freebsd-stable@freebsd.org, freebsd-questions@freebsd.org Subject: Re: bsdextended mac module question X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Jun 2005 09:44:27 -0000 On Mon, Jun 27, 2005 at 10:45:35AM +0200, K?vesd?n G?bor wrote: > Hello, > > I try to make a bsdextended mac policy and when I add the following > rule, I can't login with a simple user: > > ugidfw add subject not uid root object uid root mode rx I think you'll need to allow stat permission too - say "rxs" not just "rx". You may also want to think about what this rule does to /tmp. David.