xref: /freebsd/usr.sbin/ugidfw/ugidfw.8 (revision edf8578117e8844e02c0121147f45e4609b30680)
.\" Copyright (c) 2002, 2004 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by Chris
.\" Costello at Safeport Network Services and NAI Labs, the Security
.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
.\" research program.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd February 24, 2004
.Dt UGIDFW 8
.Os
.Sh NAME
.Nm ugidfw
.Nd "firewall-like access controls for file system objects"
.Sh SYNOPSIS
.Nm
.Cm add
.Cm subject
.Op Cm not
.Oo
.Op Cm \&!
.Cm uid Ar uid | minuid:maxuid
.Oc
.Oo
.Op Cm \&!
.Cm gid Ar gid | mingid:maxgid
.Oc
.Oo
.Op Cm \&!
.Cm jailid Ar jailid
.Oc
.Cm object
.Op Cm not
.Oo
.Op Cm \&!
.Cm uid Ar uid | minuid:maxuid
.Oc
.Oo
.Op Cm \&!
.Cm gid Ar gid | mingid:maxgid
.Oc
.Oo
.Op Cm \&!
.Cm filesys Ar path
.Oc
.Oo
.Op Cm \&!
.Cm suid
.Oc
.Oo
.Op Cm \&!
.Cm sgid
.Oc
.Oo
.Op Cm \&!
.Cm uid_of_subject
.Oc
.Oo
.Op Cm \&!
.Cm gid_of_subject
.Oc
.Oo
.Op Cm \&!
.Cm type Ar ardbclsp
.Oc
.Cm mode
.Ar arswxn
.Nm
.Cm list
.Nm
.Cm set
.Ar rulenum
.Cm subject
.Op Cm not
.Oo
.Op Cm \&!
.Cm uid Ar uid | minuid:maxuid
.Oc
.Oo
.Op Cm \&!
.Cm gid Ar gid | mingid:maxgid
.Oc
.Oo
.Op Cm \&!
.Cm jailid Ar jailid
.Oc
.Cm object
.Op Cm not
.Oo
.Op Cm \&!
.Cm uid Ar uid | minuid:maxuid
.Oc
.Oo
.Op Cm \&!
.Cm gid Ar gid | mingid:maxgid
.Oc
.Oo
.Op Cm \&!
.Cm filesys Ar path
.Oc
.Oo
.Op Cm \&!
.Cm suid
.Oc
.Oo
.Op Cm \&!
.Cm sgid
.Oc
.Oo
.Op Cm \&!
.Cm uid_of_subject
.Oc
.Oo
.Op Cm \&!
.Cm gid_of_subject
.Oc
.Oo
.Op Cm \&!
.Cm type Ar ardbclsp
.Oc
.Cm mode
.Ar arswxn
.Nm
.Cm remove
.Ar rulenum
.Sh DESCRIPTION
The
.Nm
utility provides an
.Xr ipfw 8 Ns -like
interface to manage access to file system objects by UID and GID,
supported by the
.Xr mac_bsdextended 4
.Xr mac 9
policy.
.Pp
The arguments are as follows:
.Bl -tag -width indent -offset indent
.It Xo
.Cm add
.Cm subject
.Ar ...
.Cm object
.Ar ...
.Cm mode
.Ar arswxn
.Xc
Add a new rule, automatically selecting the rule number.
See the description of
.Cm set
for syntax information.
.It Cm list
Produces a list of all the current
.Nm
rules in the system.
.It Xo
.Cm set Ar rulenum
.Cm subject
.Ar ...
.Cm object
.Ar ...
.Cm mode
.Ar arswxn
.Xc
Add a new rule or modify an existing rule.
The arguments are as follows:
.Bl -tag -width ".Ar rulenum"
.It Ar rulenum
Rule number.
Entries with a lower rule number
are applied first;
placing the most frequently matched rules at the beginning of the list
(i.e., lower-numbered)
will yield a slight performance increase.
.It Xo
.Cm subject
.Op Cm not
.Oo
.Op Cm \&!
.Cm uid Ar uid | minuid:maxuid
.Oc
.Oo
.Op Cm \&!
.Cm gid Ar gid | mingid:maxgid
.Oc
.Oo
.Op Cm \&!
.Cm jailid Ar jailid
.Oc
.Xc
Subjects performing an operation must match all the conditions given.
A leading
.Cm not
means that the subject must not match the remainder of the specification.
A condition may be prefixed by
.Cm \&!
to indicate that that particular condition must not match the subject.
The subject can be required to have a particular
.Ar uid
and/or
.Ar gid .
A range of UIDs/GIDs can be specified, separated by a colon.
The subject can be required to be in the particular jail identified by
.Ar jailid .
.It Xo
.Cm object
.Op Cm not
.Oo
.Op Cm \&!
.Cm uid Ar uid | minuid:maxuid
.Oc
.Oo
.Op Cm \&!
.Cm gid Ar gid | mingid:maxgid
.Oc
.Oo
.Op Cm \&!
.Cm filesys Ar path
.Oc
.Oo
.Op Cm \&!
.Cm suid
.Oc
.Oo
.Op Cm \&!
.Cm sgid
.Oc
.Oo
.Op Cm \&!
.Cm uid_of_subject
.Oc
.Oo
.Op Cm \&!
.Cm gid_of_subject
.Oc
.Oo
.Op Cm \&!
.Cm type Ar ardbclsp
.Oc
.Xc
The rule applies only to objects matching all the specified conditions.
A leading
.Cm not
means that the object must not match all the remaining conditions.
A condition may be prefixed by
.Cm \&!
to indicate that that particular condition must not match the object.
Objects can be required to be owned by the user and/or group specified by
.Ar uid
and/or
.Ar gid .
A range of UIDs/GIDs can be specified, separated by a colon.
The object can be required to reside in a particular file system by
specifying the file system using
.Cm filesys .
Note that if the file system is unmounted and remounted,
the rule may need to be reapplied to ensure the correct file system
ID is used.
The object can be required to have the
.Cm suid
or
.Cm sgid
bit set.
The owner of the object can be required to match the
.Cm uid_of_subject
or the
.Cm gid_of_subject
attempting the operation.
The type of the object can be restricted to a subset of
the following types.
.Pp
.Bl -tag -width ".Cm w" -compact -offset indent
.It Cm a
any file type
.It Cm r
a regular file
.It Cm d
a directory
.It Cm b
a block special device
.It Cm c
a character special device
.It Cm l
a symbolic link
.It Cm s
a UNIX domain socket
.It Cm p
a named pipe (FIFO)
.El
.It Cm mode Ar arswxn
Similar to
.Xr chmod 1 ,
each character represents an access mode.
If the rule applies,
only the access modes listed are permitted on the object:
including a character allows the corresponding operation,
and omitting it causes that operation to be denied.
The definitions of each character are as follows:
.Pp
.Bl -tag -width ".Cm w" -compact -offset indent
.It Cm a
administrative operations
.It Cm r
read access
.It Cm s
access to file attributes
.It Cm w
write access
.It Cm x
execute access
.It Cm n
none
.El
.El
.It Cm remove Ar rulenum
Disable and remove the rule with the specified rule number.
.El
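The rule matching described above (ordered rule numbers, leading not, per-condition !, UID/GID ranges, uid_of_subject, file types and the arswxn mode string), worked through as an added Python model; this is an illustration written for this page, not the mac_bsdextended(4) kernel or libugidfw code. It assumes, which the text above does not state, that the first rule whose subject and object both match decides the outcome and that an operation matched by no rule is allowed; the rules and subjects in the block are constructed samples.

```python
# Added model of ugidfw-style rule evaluation (not the mac_bsdextended(4) code).
# Assumed, not stated in the manual page: rules are tried in ascending rule-number
# order, the first rule whose subject and object both match decides, and an
# operation matched by no rule is allowed.  Subjects and objects are plain dicts.

def in_range(spec, value):
    """'1001' matches exactly; 'min:max' matches inclusively."""
    lo, _, hi = spec.partition(":")
    return int(lo) <= value <= int(hi or lo)

def parse_rule(text):
    """Parse 'subject [not] [!] cond ... object [not] [!] cond ... mode arswxn'."""
    toks, rule = text.split(), {"subject": [], "object": [], "mode": ""}
    side, neg, i = None, False, 0
    while i < len(toks):
        t = toks[i]; i += 1
        if t in ("subject", "object"):              # start of a side; optional 'not'
            side = t
            rule[side + "_not"] = i < len(toks) and toks[i] == "not"
            i += rule[side + "_not"]
        elif t == "mode":
            rule["mode"] = toks[i]; i += 1
        elif t == "!":                              # negates the next condition only
            neg = True
        else:
            val = None
            if t in ("uid", "gid", "jailid", "filesys", "type"):   # takes an argument
                val = toks[i]; i += 1
            rule[side].append((neg, t, val)); neg = False
    return rule

def cond_matches(key, val, subj, obj, side):
    if key in ("uid", "gid", "jailid"):
        return in_range(val, (subj if side == "subject" else obj)[key])
    if key == "filesys":
        return obj["filesys"] == val
    if key == "type":                               # 'a' means any file type
        return "a" in val or obj["type"] in val
    if key in ("suid", "sgid"):
        return obj[key]
    if key in ("uid_of_subject", "gid_of_subject"): # owner must equal the subject
        return obj[key[:3]] == subj[key[:3]]
    raise ValueError("unknown condition: " + key)

def side_matches(rule, side, subj, obj):
    ok = all(cond_matches(k, v, subj, obj, side) != n for n, k, v in rule[side])
    return ok != rule.get(side + "_not", False)     # leading 'not' inverts the side

def check(rules, subj, obj, access):
    """rules: [(rulenum, text), ...]; access: requested mode characters, e.g. 'rw'."""
    for _, text in sorted(rules):
        r = parse_rule(text)
        if side_matches(r, "subject", subj, obj) and side_matches(r, "object", subj, obj):
            return set(access) <= set(r["mode"])    # every requested mode must be listed
    return True                                     # assumption: no matching rule allows

# Constructed sample rule set and principals (not taken from a real system).
RULES = [(100, "subject uid 1001 object uid 0 filesys /usr type r mode rx"),
         (200, "subject not uid 0 object suid mode n"),
         (300, "subject gid 1000:1999 object ! uid_of_subject mode rs")]
USER = {"uid": 1001, "gid": 1001, "jailid": 0}
ROOT = {"uid": 0, "gid": 0, "jailid": 0}
```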
.Sh SEE ALSO
.Xr mac_bsdextended 4 ,
.Xr mac 9
.Sh HISTORY
The
.Nm
utility first appeared in
.Fx 5.0 .
.Sh AUTHORS
This software was contributed to the
.Fx
Project by NAI Labs, the Security Research Division of Network Associates
Inc.\& under DARPA/SPAWAR contract N66001-01-C-8035
.Pq Dq CBOSS ,
as part of the DARPA CHATS research program.