FreeBSD Manual Pages
MAC_DO(4)                 Kernel Interfaces Manual                 MAC_DO(4)

NAME
     mac_do -- policy allowing user to execute program as another user

SYNOPSIS
     To compile the mac_do policy into your kernel, place the following lines
     in your kernel configuration file:

           options MAC
           options MAC_DO

DESCRIPTION
     The mac_do policy grants users the ability to run processes as other
     users according to predefined rules.

     The exact set of kernel privileges granted is:

     PRIV_CRED_SETGROUPS
     PRIV_CRED_SETUID

     The following sysctl(8) MIBs are available:

     security.mac.do.enabled
             Enable the mac_do policy.  (Default: 1).

     security.mac.do.rules
             The set of rules.

     The rules consist of a list of elements separated by `,'.  Each element
     is of the form "[uid|gid]=fid:tid", where fid is the uid or gid of the
     user or group the rule applies to, and tid is the uid of the targeted
     user.  Two special forms are accepted for tid: any or *, which allow
     targeting any user.

EXAMPLES
     The following rule:

           security.mac.do.rules=uid=1001:80,gid=0:any

     means that the user with uid 1001 can execute processes as the user with
     uid 80, and all users who belong to the group with gid 0 can execute
     processes as any user.

SEE ALSO
     mac(4), mdo(1)

FreeBSD 13.2                      May 22, 2024                      MAC_DO(4)
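
The following is an added example, not part of the manual page or of FreeBSD: a Python audit helper that parses a security.mac.do.rules value using the grammar given in DESCRIPTION and reports rules that let a user or group run processes as uid 0 or as any user. The names parse_rules and audit are hypothetical, and the accepted syntax is assumed to be exactly what this page states (numeric ids, with any or * as tid); the kernel's own parser may differ.

```python
"""Audit a security.mac.do.rules value (added example, not FreeBSD code)."""
import re
from typing import NamedTuple

# Grammar as stated on this page: "[uid|gid]=fid:tid"; tid may be any or *.
# Assumption: fid and tid are plain decimal ids.
RULE_RE = re.compile(r"(uid|gid)=(\d+):(\d+|any|\*)")


class Rule(NamedTuple):
    kind: str  # "uid" or "gid": what fid identifies
    fid: int   # uid or gid the rule applies to
    tid: str   # target uid as text, or "any" (also used for "*")


def parse_rules(value: str) -> list:
    """Parse the comma-separated rule list; raise ValueError on a bad element."""
    value = value.strip()  # e.g. trailing newline from `sysctl -n` output
    if not value:
        return []          # no rules configured
    rules = []
    for element in value.split(","):
        m = RULE_RE.fullmatch(element)
        if m is None:
            raise ValueError(f"malformed rule element: {element!r}")
        kind, fid, tid = m.groups()
        rules.append(Rule(kind, int(fid), "any" if tid == "*" else tid))
    return rules


def audit(value: str) -> list:
    """Return one finding per rule whose target is uid 0 or any user."""
    findings = []
    for r in parse_rules(value):
        if r.tid == "any":
            findings.append(f"{r.kind}={r.fid} may run as ANY user (includes uid 0)")
        elif int(r.tid) == 0:
            findings.append(f"{r.kind}={r.fid} may run as uid 0")
    return findings


if __name__ == "__main__":
    # The rule string from EXAMPLES on this page.
    for finding in audit("uid=1001:80,gid=0:any"):
        print(finding)
```

On a live system the input would be the output of `sysctl -n security.mac.do.rules`.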