UGIDFW(8)		  BSD System Manager's Manual		     UGIDFW(8)

     ugidfw -- firewall-like access controls for file system objects

     ugidfw list
     ugidfw set rulenum subject [not] [uid uid] [gid gid] object [not]
	    [uid uid] [gid gid] mode arswxn
     ugidfw remove rulenum

     The ugidfw utility provides an ipfw(8)-like interface to manage accesses
     to file system objects by UID and GID, supported by the
     mac_bsdextended(4) mac(9) policy.

     The arguments are as follows:

	   list	   Produces a list of all the current ugidfw rules in the sys-

	   set rulenum subject [not] [uid uid] [gid gid] object [not] [uid
		   uid] [gid gid] mode arswxn
		   Add a new rule or modify an existing rule.  The arguments
		   are as follows:

		   rulenum  Rule number.  Entries with a lower rule number are
			    applied first; placing the most frequently-matched
			    rules at the beginning of the list (i.e. lower-
			    numbered) will yield a slight performance in-

		   subject [not] [uid uid] [gid gid]
			    Subjects performing an operation must match (or,
			    if not is specified, must not match) the user and
			    group specified by uid and/or gid for the rule to
			    be applied.

		   object [not] [uid uid] [gid gid]
			    Objects must be owned by (or, if not is specified,
			    must not be owned by) the user and/or group specified
			    by uid and/or gid for the rule to be applied.

		   mode arswxn
			    Similar to chmod(1), each character represents an
			    access mode.  If the rule applies, the specified
			    access permissions are enforced for the object.
			    When a character is specified in the rule, the
			    rule will allow for the operation.  Conversely,
			    not including it will cause the operation to be
			    denied.  The definitions of each character are as

				  a  administrative operations
				  r  read access
				  s  access to file attributes
				  w  write access
				  x  execute access
				  n  none

	   remove rulenum
		   Disable and remove the rule with the specified rule number.
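
     The following is an added example, not part of ugidfw or the original
     manual page: a POSIX sh helper that parses the arguments of a "ugidfw set"
     rule and reports which access classes the rule allows and which it denies.
     The function names, the sample UIDs and the handling of 'n' combined with
     other letters are assumptions.

```shell
#!/bin/sh
# Added example (not part of ugidfw): explain the arguments of "ugidfw set".
# Assumption: 'n' grants nothing and is ignored if combined with other letters.

# explain_mode MODE: print which access classes the rule allows and denies.
explain_mode() {
    allow= deny=
    case $1 in
        ''|*[!arswxn]*) echo "invalid mode: $1" >&2; return 1 ;;
    esac
    for c in a r s w x; do
        case $1 in
            *"$c"*) allow=$allow$c ;;   # listed: operation allowed
            *)      deny=$deny$c ;;     # omitted: operation denied
        esac
    done
    echo "allow=${allow:-none} deny=${deny:-none}"
}

# explain_rule RULENUM subject ... object ... mode MODE
explain_rule() {
    num=$1; shift
    case $num in
        ''|*[!0-9]*) echo "bad rule number: $num" >&2; return 1 ;;
    esac
    sect= subj= obj= mode=
    while [ $# -gt 0 ]; do
        case $1 in
            subject|object) sect=$1; word= ;;
            not)     word=not ;;
            uid|gid) [ $# -ge 2 ] || return 1
                     word="$1=$2"; shift ;;
            mode)    [ $# -ge 2 ] || return 1
                     mode=$2; word=; shift ;;
            *)       echo "unexpected token: $1" >&2; return 1 ;;
        esac
        if [ -n "$word" ]; then
            case $sect in
                subject) subj="$subj${subj:+ }$word" ;;
                object)  obj="$obj${obj:+ }$word" ;;
                *)       return 1 ;;   # not/uid/gid before subject or object
            esac
        fi
        shift
    done
    perms=$(explain_mode "$mode") || return 1
    echo "rule $num: subject[$subj] object[$obj] $perms"
}

# Constructed sample: UID 1001 acting on objects not owned by UID 1001.
explain_rule 100 subject uid 1001 object not uid 1001 mode rx
```

     The same argument list, passed to "ugidfw set", would install the rule;
     here it is only parsed, so the deny set can be reviewed first.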

     mac_bsdextended(4), mac(9)

     The ugidfw utility first appeared in FreeBSD 5.0.

     This software was contributed to the FreeBSD Project by NAI Labs, the
     Security Research Division of Network Associates Inc. under DARPA/SPAWAR
     contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research

BSD			       October 11, 2002				   BSD


