| ugidfw.8 (89ddbd45e5e8e521f98c3e4a42fe969499f1a70c) | ugidfw.8 (32ba16b6e6dbfa5e4f536695191a8816bd6a8765) |
|---|---|
| 1.\" Copyright (c) 2002, 2004 Networks Associates Technology, Inc. 2.\" All rights reserved. 3.\" 4.\" This software was developed for the FreeBSD Project by Chris 5.\" Costello at Safeport Network Services and NAI Labs, the Security 6.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR 7.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS 8.\" research program. --- 209 unchanged lines hidden (view full) --- 218means that the subject should not match the remainder of the specification. 219A condition may be prefixed by 220.Cm \&! 221to indicate that particular condition must not match the subject. 222The subject can be required to have a particular 223.Ar uid 224and/or 225.Ar gid . | 1.\" Copyright (c) 2002, 2004 Networks Associates Technology, Inc. 2.\" All rights reserved. 3.\" 4.\" This software was developed for the FreeBSD Project by Chris 5.\" Costello at Safeport Network Services and NAI Labs, the Security 6.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR 7.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS 8.\" research program. --- 209 unchanged lines hidden (view full) --- 218means that the subject should not match the remainder of the specification. 219A condition may be prefixed by 220.Cm \&! 221to indicate that particular condition must not match the subject. 222The subject can be required to have a particular 223.Ar uid 224and/or 225.Ar gid . |
| 226A range of uids/gids can be specified, 227seperated by a colon. | 226A range of uids/gids can be specified, separated by a colon. |
| 228The subject can be required to be in a particular jail with the 229.Ar jailid . 230.It Xo 231.Cm object 232.Op Cm not 233.Oo 234.Op Cm \&! 235.Cm uid Ar uid | minuid:maxuid --- 33 unchanged lines hidden (view full) --- 269means that the object should not match all the remaining conditions. 270A condition may be prefixed by 271.Cm \&! 272to indicate that particular condition must not match the object. 273Objects can be required to be owned by the user and/or group specified by 274.Ar uid 275and/or 276.Ar gid . | 227The subject can be required to be in a particular jail with the 228.Ar jailid . 229.It Xo 230.Cm object 231.Op Cm not 232.Oo 233.Op Cm \&! 234.Cm uid Ar uid | minuid:maxuid --- 33 unchanged lines hidden (view full) --- 268means that the object should not match all the remaining conditions. 269A condition may be prefixed by 270.Cm \&! 271to indicate that particular condition must not match the object. 272Objects can be required to be owned by the user and/or group specified by 273.Ar uid 274and/or 275.Ar gid . |
| 277A range of uids/gids can be specified, seperated by a colon. | 276A range of uids/gids can be specified, separated by a colon. |
| 278The object can be required to be in a particular filesystem by | 277The object can be required to be in a particular filesystem by |
| 279specifing the filesystem using | 278specifying the filesystem using |
| 280.Cm filesys . 281Note, 282if the filesystem is unmounted and remounted, 283then the rule may need to be reapplied to ensure the correct filesystem 284id is used. 285The object can be required to have the 286.Cm suid 287or --- 74 unchanged lines hidden --- | 279.Cm filesys . 280Note, 281if the filesystem is unmounted and remounted, 282then the rule may need to be reapplied to ensure the correct filesystem 283id is used. 284The object can be required to have the 285.Cm suid 286or --- 74 unchanged lines hidden --- |