xref: /freebsd/usr.sbin/ugidfw/ugidfw.8 (revision 9bd497b8354567454e075076d40c996e21bd6095)
.\" Copyright (c) 2002, 2004 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by Chris
.\" Costello at Safeport Network Services and NAI Labs, the Security
.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
.\" research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd February 24, 2004
.Dt UGIDFW 8
.Os
.Sh NAME
.Nm ugidfw
.Nd "firewall-like access controls for file system objects"
.Sh SYNOPSIS
.Nm
.Cm add
.Cm subject
.Op Cm not
.Oo
.Op Cm \&!
.Cm uid Ar uid | minuid:maxuid
.Oc
.Oo
.Op Cm \&!
.Cm gid Ar gid | mingid:maxgid
.Oc
.Oo
.Op Cm \&!
.Cm jailid Ar jailid
.Oc
.Cm object
.Op Cm not
.Oo
.Op Cm \&!
.Cm uid Ar uid | minuid:maxuid
.Oc
.Oo
.Op Cm \&!
.Cm gid Ar gid | mingid:maxgid
.Oc
.Oo
.Op Cm \&!
.Cm filesys Ar path
.Oc
.Oo
.Op Cm \&!
.Cm suid
.Oc
.Oo
.Op Cm \&!
.Cm sgid
.Oc
.Oo
.Op Cm \&!
.Cm uid_of_subject
.Oc
.Oo
.Op Cm \&!
.Cm gid_of_subject
.Oc
.Oo
.Op Cm \&!
.Cm type Ar ardbclsp
.Oc
.Cm mode
.Ar arswxn
.Nm
.Cm list
.Nm
.Cm set
.Ar rulenum
.Cm subject
.Op Cm not
.Oo
.Op Cm \&!
.Cm uid Ar uid | minuid:maxuid
.Oc
.Oo
.Op Cm \&!
.Cm gid Ar gid | mingid:maxgid
.Oc
.Oo
.Op Cm \&!
.Cm jailid Ar jailid
.Oc
.Cm object
.Op Cm not
.Oo
.Op Cm \&!
.Cm uid Ar uid | minuid:maxuid
.Oc
.Oo
.Op Cm \&!
.Cm gid Ar gid | mingid:maxgid
.Oc
.Oo
.Op Cm \&!
.Cm filesys Ar path
.Oc
.Oo
.Op Cm \&!
.Cm suid
.Oc
.Oo
.Op Cm \&!
.Cm sgid
.Oc
.Oo
.Op Cm \&!
.Cm uid_of_subject
.Oc
.Oo
.Op Cm \&!
.Cm gid_of_subject
.Oc
.Oo
.Op Cm \&!
.Cm type Ar ardbclsp
.Oc
.Cm mode
.Ar arswxn
.Nm
.Cm remove
.Ar rulenum
.Sh DESCRIPTION
The
.Nm
utility provides an
.Xr ipfw 8 Ns -like
interface to manage access to file system objects by UID and GID,
supported by the
.Xr mac_bsdextended 4
.Xr mac 9
policy.
.Pp
The arguments are as follows:
.Bl -tag -width indent -offset indent
.It Xo
.Cm add
.Cm subject
.Ar ...
.Cm object
.Ar ...
.Cm mode
.Ar arswxn
.Xc
Add a new rule, automatically selecting the rule number.
See the description of
.Cm set
for syntax information.
.It Cm list
Produces a list of all the current
.Nm
rules in the system.
.It Xo
.Cm set Ar rulenum
.Cm subject
.Ar ...
.Cm object
.Ar ...
.Cm mode
.Ar arswxn
.Xc
Add a new rule or modify an existing rule.
The arguments are as follows:
.Bl -tag -width ".Ar rulenum"
.It Ar rulenum
Rule number.
Entries with a lower rule number
are applied first;
placing the most frequently matched rules at the beginning of the list
(i.e., lower-numbered)
will yield a slight performance increase.
.It Xo
.Cm subject
.Op Cm not
.Oo
.Op Cm \&!
.Cm uid Ar uid | minuid:maxuid
.Oc
.Oo
.Op Cm \&!
.Cm gid Ar gid | mingid:maxgid
.Oc
.Oo
.Op Cm \&!
.Cm jailid Ar jailid
.Oc
.Xc
Subjects performing an operation must match all the conditions given.
A leading
.Cm not
means that the subject must not match the remainder of the specification.
A condition may be prefixed by
.Cm \&!
to indicate that the particular condition must not match the subject.
The subject can be required to have a particular
.Ar uid
and/or
.Ar gid .
A range of uids/gids can be specified,
separated by a colon.
The subject can be required to be in a particular jail with the
.Ar jailid .
.It Xo
.Cm object
.Op Cm not
.Oo
.Op Cm \&!
.Cm uid Ar uid | minuid:maxuid
.Oc
.Oo
.Op Cm \&!
.Cm gid Ar gid | mingid:maxgid
.Oc
.Oo
.Op Cm \&!
.Cm filesys Ar path
.Oc
.Oo
.Op Cm \&!
.Cm suid
.Oc
.Oo
.Op Cm \&!
.Cm sgid
.Oc
.Oo
.Op Cm \&!
.Cm uid_of_subject
.Oc
.Oo
.Op Cm \&!
.Cm gid_of_subject
.Oc
.Oo
.Op Cm \&!
.Cm type Ar ardbclsp
.Oc
.Xc
The rule will apply only to objects matching all the specified conditions.
A leading
.Cm not
means that the object must not match all the remaining conditions.
A condition may be prefixed by
.Cm \&!
to indicate that the particular condition must not match the object.
Objects can be required to be owned by the user and/or group specified by
.Ar uid
and/or
.Ar gid .
A range of uids/gids can be specified, separated by a colon.
The object can be required to be in a particular file system by
specifying the file system using
.Cm filesys .
Note that if the file system is unmounted and remounted,
the rule may need to be reapplied to ensure the correct file system
ID is used.
The object can be required to have the
.Cm suid
or
.Cm sgid
bits set.
The owner of the object can be required to match the
.Cm uid_of_subject
or the
.Cm gid_of_subject
attempting the operation.
The type of the object can be restricted to a subset of
the following types.
.Pp
.Bl -tag -width ".Cm w" -compact -offset indent
.It Cm a
any file type
.It Cm r
a regular file
.It Cm d
a directory
.It Cm b
a block special device
.It Cm c
a character special device
.It Cm l
a symbolic link
.It Cm s
a UNIX domain socket
.It Cm p
a named pipe (FIFO)
.El
.It Cm mode Ar arswxn
Similar to
.Xr chmod 1 ,
each character represents an access mode.
If the rule applies,
the specified access permissions are enforced
for the object.
When a character is specified in the rule,
the rule will allow the operation.
Conversely, not including it will cause the operation
to be denied.
The definitions of each character are as follows:
.Pp
.Bl -tag -width ".Cm w" -compact -offset indent
.It Cm a
administrative operations
.It Cm r
read access
.It Cm s
access to file attributes
.It Cm w
write access
.It Cm x
execute access
.It Cm n
none
.El
.El
.It Cm remove Ar rulenum
Disable and remove the rule with the specified rule number.
.El
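As an added example (not part of this manual page or of the ugidfw sources): a small sh(1) helper that assembles ugidfw set rules in the subject/object/mode syntax described above, rejecting mode or type strings that use characters outside the documented sets, and prints the resulting commands for review before they are applied. The uid range, group id and path in the sample policy are constructed values.

```shell
#!/bin/sh
# Added example, not part of ugidfw(8) itself: compose ugidfw rules from
# the documented syntax and refuse undocumented mode/type characters.

MODE_CHARS=arswxn     # mode characters listed under "mode" above
TYPE_CHARS=ardbclsp   # object type characters listed under "type" above

# valid_chars STRING ALLOWED: succeed only if STRING is non-empty and
# every character of STRING appears in ALLOWED.
valid_chars() {
    [ -n "$1" ] && [ -z "$(printf '%s' "$1" | tr -d "$2")" ]
}

# build_rule RULENUM SUBJECT-SPEC OBJECT-SPEC MODE [TYPE]
# Prints one "ugidfw set ..." command line; fails (exit 1) when MODE or
# TYPE contain a character this manual page does not define, so a typo
# such as "rwq" never reaches the kernel policy.
build_rule() {
    num=$1; subject=$2; object=$3; mode=$4; otype=$5
    valid_chars "$mode" "$MODE_CHARS" || {
        echo "build_rule: bad mode '$mode' (allowed: $MODE_CHARS)" >&2
        return 1
    }
    if [ -n "$otype" ]; then
        valid_chars "$otype" "$TYPE_CHARS" || {
            echo "build_rule: bad type '$otype' (allowed: $TYPE_CHARS)" >&2
            return 1
        }
        object="$object type $otype"   # type is the last object condition
    fi
    printf 'ugidfw set %s subject %s object %s mode %s\n' \
        "$num" "$subject" "$object" "$mode"
}

# Constructed sample policy (values are illustrative, not from the page).
# Lower rule numbers are applied first, so the broad rule comes first.
# Rule 100: ordinary users (uid 1000:65535) may read, execute and stat
#           root-owned regular files, but not write to or administer them.
# Rule 200: members of gid 1001 get no access ("n") to files under /home
#           that they do not own (! uid_of_subject).
build_rule 100 'uid 1000:65535' 'uid 0' rxs r
build_rule 200 'gid 1001' 'filesys /home ! uid_of_subject' n
# A rule with an undocumented mode character is rejected, not emitted:
build_rule 300 'uid 0' 'uid 0' rwq || echo "rule 300 rejected" >&2
```

Once the printed commands have been reviewed, they can be executed as root, for example by piping the script's standard output to sh.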
.Sh SEE ALSO
.Xr mac_bsdextended 4 ,
.Xr mac 9
.Sh HISTORY
The
.Nm
utility first appeared in
.Fx 5.0 .
.Sh AUTHORS
This software was contributed to the
.Fx
Project by NAI Labs, the Security Research Division of Network Associates
Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.
362