1.\" Copyright (c) 2002, 2004 Networks Associates Technology, Inc.
2.\" All rights reserved.
3.\"
4.\" This software was developed for the FreeBSD Project by Chris
5.\" Costello at Safeport Network Services and NAI Labs, the Security
6.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
7.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
8.\" research program.
9.\"
10.\" Redistribution and use in source and binary forms, with or without
11.\" modification, are permitted provided that the following conditions
12.\" are met:
13.\" 1. Redistributions of source code must retain the above copyright
14.\"    notice, this list of conditions and the following disclaimer.
15.\" 2. Redistributions in binary form must reproduce the above copyright
16.\"    notice, this list of conditions and the following disclaimer in the
17.\"    documentation and/or other materials provided with the distribution.
18.\"
19.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
20.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29.\" SUCH DAMAGE.
30.\"
31.\" $FreeBSD$
32.\"
33.Dd February 24, 2004
34.Dt UGIDFW 8
35.Os
36.Sh NAME
37.Nm ugidfw
38.Nd "firewall-like access controls for file system objects"
39.Sh SYNOPSIS
40.Nm
41.Cm add
42.Cm subject
43.Op Cm not
44.Oo
45.Op Cm \&!
46.Cm uid Ar uid | minuid:maxuid
47.Oc
48.Oo
49.Op Cm \&!
50.Cm gid Ar gid | mingid:maxgid
51.Oc
52.Oo
53.Op Cm \&!
54.Cm jailid Ad jailid
55.Oc
56.Cm object
57.Op Cm not
58.Oo
59.Op Cm \&!
60.Cm uid Ar uid | minuid:maxuid
61.Oc
62.Oo
63.Op Cm \&!
64.Cm gid Ar gid | mingid:maxgid
65.Oc
66.Oo
67.Op Cm \&!
68.Cm filesys Ad path
69.Oc
70.Oo
71.Op Cm \&!
72.Cm suid
73.Oc
74.Oo
75.Op Cm \&!
76.Cm sgid
77.Oc
78.Oo
79.Op Cm \&!
80.Cm uid_of_subject
81.Oc
82.Oo
83.Op Cm \&!
84.Cm gid_of_subject
85.Oc
86.Oo
87.Op Cm \&!
88.Cm type Ar ardbclsp
89.Oc
90.Cm mode
91.Ar arswxn
92.Nm
93.Cm list
94.Nm
95.Cm set
96.Ar rulenum
97.Cm subject
98.Op Cm not
99.Oo
100.Op Cm \&!
101.Cm uid Ar uid | minuid:maxuid
102.Oc
103.Oo
104.Op Cm \&!
105.Cm gid Ar gid | mingid:maxgid
106.Oc
107.Oo
108.Op Cm \&!
109.Cm jailid Ad jailid
110.Oc
111.Cm object
112.Op Cm not
113.Oo
114.Op Cm \&!
115.Cm uid Ar uid | minuid:maxuid
116.Oc
117.Oo
118.Op Cm \&!
119.Cm gid Ar gid | mingid:maxgid
120.Oc
121.Oo
122.Op Cm \&!
123.Cm filesys Ad path
124.Oc
125.Oo
126.Op Cm \&!
127.Cm suid
128.Oc
129.Oo
130.Op Cm \&!
131.Cm sgid
132.Oc
133.Oo
134.Op Cm \&!
135.Cm uid_of_subject
136.Oc
137.Oo
138.Op Cm \&!
139.Cm gid_of_subject
140.Oc
141.Oo
142.Op Cm \&!
143.Cm type Ar ardbclsp
144.Oc
145.Cm mode
146.Ar arswxn
147.Nm
148.Cm remove
149.Ar rulenum
150.Sh DESCRIPTION
151The
152.Nm
153utility provides an
154.Xr ipfw 8 Ns -like
155interface to manage access to file system objects by UID and GID,
156supported by the
157.Xr mac_bsdextended 4
158.Xr mac 9
159policy.
160.Pp
161The arguments are as follows:
162.Bl -tag -width indent -offset indent
163.It Xo
164.Cm add
165.Cm subject
166.Ar ...
167.Cm object
168.Ar ...
169.Cm mode
170.Ar arswxn
171.Xc
172Add a new rule, automatically selecting the rule number.
173See the description of
174.Cm set
175for syntax information.
176.It Cm list
177Produces a list of all the current
178.Nm
179rules in the system.
180.It Xo
181.Cm set Ar rulenum
182.Cm subject
183.Ar ...
184.Cm object
185.Ar ...
186.Cm mode
187.Ar arswxn
188.Xc
189Add a new rule or modify an existing rule.
190The arguments are as follows:
191.Bl -tag -width ".Ar rulenum"
192.It Ar rulenum
193Rule number.
194Entries with a lower rule number
195are applied first;
196placing the most frequently-matched rules at the beginning of the list
197(i.e., lower-numbered)
198will yield a slight performance increase.
199.It Xo
200.Cm subject
201.Op Cm not
202.Oo
203.Op Cm \&!
204.Cm uid Ar uid | minuid:maxuid
205.Oc
206.Oo
207.Op Cm \&!
208.Cm gid Ar gid | mingid:maxgid
209.Oc
210.Oo
211.Op Cm \&!
212.Cm jailid Ad jailid
213.Oc
214.Xc
215Subjects performing an operation must match all the conditions given.
216A leading
217.Cm not
218means that the subject should not match the remainder of the specification.
219A condition may be prefixed by
220.Cm \&!
221to indicate that particular condition must not match the subject.
222The subject can be required to have a particular
223.Ar uid
224and/or
225.Ar gid .
226A range of uids/gids can be specified, separated by a colon.
227The subject can be required to be in a particular jail with the
228.Ar jailid .
229.It Xo
230.Cm object
231.Op Cm not
232.Oo
233.Op Cm \&!
234.Cm uid Ar uid | minuid:maxuid
235.Oc
236.Oo
237.Op Cm \&!
238.Cm gid Ar gid | mingid:maxgid
239.Oc
240.Oo
241.Op Cm \&!
242.Cm filesys Ad path
243.Oc
244.Oo
245.Op Cm \&!
246.Cm suid
247.Oc
248.Oo
249.Op Cm \&!
250.Cm sgid
251.Oc
252.Oo
253.Op Cm \&!
254.Cm uid_of_subject
255.Oc
256.Oo
257.Op Cm \&!
258.Cm gid_of_subject
259.Oc
260.Oo
261.Op Cm \&!
262.Cm type Ar ardbclsp
263.Oc
264.Xc
265The rule will apply only to objects matching all the specified conditions.
266A leading
267.Cm not
268means that the object should not match all the remaining conditions.
269A condition may be prefixed by
270.Cm \&!
271to indicate that particular condition must not match the object.
272Objects can be required to be owned by the user and/or group specified by
273.Ar uid
274and/or
275.Ar gid .
276A range of uids/gids can be specified, separated by a colon.
277The object can be required to be in a particular filesystem by
278specifying the filesystem using
279.Cm filesys .
280Note,
281if the filesystem is unmounted and remounted,
282then the rule may need to be reapplied to ensure the correct filesystem
283id is used.
284The object can be required to have the
285.Cm suid
286or
287.Cm sgid
288bits set.
289The owner of the object can be required to match the
290.Cm uid_of_subject
291or the
292.Cm gid_of_subject
293attempting the operation.
294The type of the object can be restricted to a subset of
295the following types.
296.Pp
297.Bl -tag -width ".Cm w" -compact -offset indent
298.It Cm a
299any file type
300.It Cm r
301a regular file
302.It Cm d
303a directory
304.It Cm b
305a block special device
306.It Cm c
307a character special device
308.It Cm l
309a symbolic link
310.It Cm s
311a unix domain socket
312.It Cm p
313a named pipe (FIFO)
314.El
315.It Cm mode Ar arswxn
316Similar to
317.Xr chmod 1 ,
318each character represents an access mode.
319If the rule applies,
320the specified access permissions are enforced
321for the object.
322When a character is specified in the rule,
323the rule will allow for the operation.
324Conversely, not including it will cause the operation
325to be denied.
326The definitions of each character are as follows:
327.Pp
328.Bl -tag -width ".Cm w" -compact -offset indent
329.It Cm a
330administrative operations
331.It Cm r
332read access
333.It Cm s
334access to file attributes
335.It Cm w
336write access
337.It Cm x
338execute access
339.It Cm n
340none
341.El
342.El
343.It Cm remove Ar rulenum
344Disable and remove the rule with the specified rule number.
345.El
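.Sh EXAMPLES
The following shell script is an added example and is not part of
.Nm
or the
.Fx
sources.
It composes
.Cm set
command lines from the rule syntax described above and rejects a mode
string or object type that falls outside the
.Ar arswxn
and
.Ar ardbclsp
alphabets before anything is applied; the function names, the uid range
and the sample policy are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of ugidfw(8) or the FreeBSD sources: compose and
# validate "ugidfw set" command lines before they are applied, so a typo in
# the mode (arswxn) or type (ardbclsp) string is rejected instead of being
# enforced.  Nothing here runs ugidfw; the command lines are only printed.

# Succeed if every character of $1 is drawn from the alphabet in $2.
chars_in_set() {
    _s=$1
    while [ -n "$_s" ]; do
        case $_s in
            [$2]*) _s=${_s#?} ;;   # first character is allowed; drop it
            *) return 1 ;;
        esac
    done
    return 0
}

# Check that every "type" condition in an object spec ($1) is followed by a
# string made only of the letters a r d b c l s p.
object_types_ok() {
    _expect=0
    for _w in $1; do
        if [ "$_expect" = 1 ]; then
            chars_in_set "$_w" ardbclsp || return 1
            _expect=0
        elif [ "$_w" = type ]; then
            _expect=1
        fi
    done
    [ "$_expect" = 0 ]   # a trailing "type" with no argument is an error
}

# Print "ugidfw set RULENUM subject SUBJECT object OBJECT mode MODE" for
# $1..$4, or print a diagnostic on stderr and return 1 if the rule is
# malformed.
ugidfw_set_cmd() {
    case $1 in ''|*[!0-9]*) echo "bad rule number: '$1'" >&2; return 1 ;; esac
    [ -n "$4" ] && chars_in_set "$4" arswxn ||
        { echo "bad mode string: '$4'" >&2; return 1; }
    object_types_ok "$3" || { echo "bad type in object spec: '$3'" >&2; return 1; }
    echo "ugidfw set $1 subject $2 object $3 mode $4"
}

# Constructed sample policy (hypothetical): users with uids 1001-1999 may read,
# stat and execute, but not write or administer, regular files and
# directories they do not own.
ugidfw_set_cmd 100 "uid 1001:1999" "! uid_of_subject type rd" rsx
```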
.Sh SEE ALSO
.Xr mac_bsdextended 4 ,
.Xr mac 9
.Sh HISTORY
The
.Nm
utility first appeared in
.Fx 5.0 .
.Sh AUTHORS
This software was contributed to the
.Fx
Project by NAI Labs, the Security Research Division of Network Associates
Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
361