Add a man page for ugidfw(8).

Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
svn path=/head/; revision=105303
2025-01-04 12:52:15 +00:00 · 2002-10-17 01:54:37 +00:00 · 2002-10-17 01:54:37 +00:00 · fb8085a281 · 2020-12-20 02:59:44 +00:00
commit fb8085a281
parent cc5ce63097
1 changed files with 176 additions and 0 deletions
--- a/usr.sbin/ugidfw/ugidfw.8
+++ b/usr.sbin/ugidfw/ugidfw.8
@ -0,0 +1,176 @@
+.\" Copyright (c) 2002 Networks Associates Technology, Inc.
+.\" All rights reserved.
+.\" 
+.\" This software was developed for the FreeBSD Project by Chris
+.\" Costello at Safeport Network Services and NAI Labs, the Security
+.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR
+.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
+.\" research program.
+.\" 
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\" 3. The names of the authors may not be used to endorse or promote
+.\"    products derived from this software without specific prior written
+.\"    permission.
+.\" 
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\" 
+.\" $FreeBSD$
+.Dd OCTOBER 11, 2002
+.Dt UGIDFW 8
+.Sh NAME
+.Nm ugidfw
+.Nd firewall-like access controls for file system objects
+.Sh SYNOPSIS
+.Nm
+.Cm list
+.Nm
+.Cm set
+.Ar rulenum
+.Cm subject
+.Op Cm not
+.Op uid Ar uid
+.Op gid Ar gid
+.Cm object
+.Op Cm not
+.Op Cm uid Ar uid
+.Op Cm gid Ar gid
+.Cm mode
+.Ar arswxn
+.Nm
+.Cm remove
+.Ar rulenum
+.Sh DESCRIPTION
+The
+.Nm
+command provides an
+.Xr ipfw 8 Ns -like
+interface to manage accesses to file system objects by UID and GID,
+supported by the
+.Nm mac_bsdextended
+.Xr mac 9
+policy.
+.Pp
+The arguments are as follows:
+.Bl -tag -width 6n -offset indent
+.It Cm list
+Produces a list of all the current
+.Nm
+rules in the system.
+.It Xo
+.Cm set Ar rulenum
+.Cm subject
+.Op Cm not
+.Op uid Ar uid
+.Op gid Ar gid
+.Cm object
+.Op Cm not
+.Op Cm uid Ar uid
+.Op Cm gid Ar gid
+.Cm mode
+.Ar arswxn
+.Xc
+Add a new rule or modify an existing rule.
+The arguments are as follows:
+.Bl -tag -width 7n
+.It Ar rulenum
+Rule number.
+Entries with a lower rule number
+are applied first;
+placing the most frequently-matched rules at the beginning of the list
+(i.e. lower-numbered)
+will yield a slight performance increase.
+.It Xo
+.Cm subject
+.Op Cm not
+.Op Cm uid Ar uid
+.Op Cm gid Ar gid
+.Xc
+Subjects performing an operation must match
+(or, if
+.Dq not
+is specified, must
+.Em not
+match)
+the user and group specified by
+.Ar uid
+and/or
+.Ar gid
+for the rule to be applied.
+.It Xo
+.Cm object
+.Op Cm not
+.Op Cm uid Ar uid
+.Op Cm gid Ar gid
+.Xc
+Objects must be owned by
+(or, if
+.Dq not
+is specified, must
+.Em not
+be owned by)
+the user and/or group specified by
+.Ar uid
+and/or
+.Ar gid
+for the rule to be applied.
+.It Cm mode Ar arswxn
+Similar to
+.Xr chmod 1 ,
+each character represents an access mode.
+If the rule applies,
+the specified access permissions are enforced
+for the object.
+When a character is specified in the rule,
+the rule will allow for the operation.
+Conversely, not including it will cause the operation
+to be denied.
+The definitions of each character are as follows:
+.Bl -tag -width 3n -compact -offset indent
+.It Sq a
+Administrative operations
+.It Sq r
+Read access
+.It Sq s
+Access to file attributes
+.It Sq w
+Write access
+.It Sq x
+Execute access
+.It Sq n
+None
+.El
+.El
+.It Cd remove Ar rulenum
+Disable and remove the rule with the specified rule number.
+.El
+.
+.Sh SEE ALSO
+.Xr mac 9
+.Sh HISTORY
+The
+.Nm
+command first appeared in
+.Fx 5.0 .
+.Sh AUTHORS
+This software was contributed to the
+.Fx
+Project by NAI Labs, the Security Research Division of Network Associates Inc.
+under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"),
+as part of the DARPA CHATS research program.