IBM 10 SP1 EAL4 User Manual
•
/etc/ftpusers: The ftpusers text file contains a list of users who cannot log in using the File
Transfer Protocol (FTP) server daemon. The file is owned by the root user and root group, and its
mode is 644.
mode is 644.
•
/etc/apparmor/* and /etc/apparmor.d/*: The directories /etc/apparmor and
/etc/apparmor.d contain several configuration files that are used by the AppArmor LSM
/etc/apparmor.d contain several configuration files that are used by the AppArmor LSM
modules. Both directories are owned by the root user and root group, and their mode is 755.
5.11.2.1 Access control rules
5.11.2.1.1 DAC
Discretionary Access Checks (DAC) access control rules specify how a certain process with appropriate DAC
security attributes can access an object with a set of DAC security attributes. In addition, DAC access control
rules also specify how subject and object security attributes transition to new values and under what
conditions. DAC access control lists are described in detail in Section 5.1.5.2.
security attributes can access an object with a set of DAC security attributes. In addition, DAC access control
rules also specify how subject and object security attributes transition to new values and under what
conditions. DAC access control lists are described in detail in Section 5.1.5.2.
5.11.2.1.2 Software privilege
Software privilege for DAC policy is based on the user ID of the process. At any time, each process has an
effective user ID, an effective group ID, and a set of supplementary group IDs. These IDs determine the
privileges of the process. A process with a user ID of 0 is a privileged process, with capabilities of bypassing
the access control policies of the system. The root user name is commonly associated with user ID 0, but
there can be other users with this ID.
Additionally, the SLES kernel has a framework for providing software privilege for DAC policy through
capabilities. These capabilities, which are based on the POSIX.1e draft, allow breakup of the kernel software
privilege associated with user ID zero into a set of discrete privileges based on the operation being attempted.
For example, if a process is trying to create a device special file by invoking the mknod() system call, instead
of checking to ensure that the user ID is zero, the kernel checks to ensure that the process is capable of
creating device special files. In the absence of special kernel modules that define and use capabilities, as is
the case with the TOE, capability checks revert back to granting kernel software privilege based on the user
ID of the process.
effective user ID, an effective group ID, and a set of supplementary group IDs. These IDs determine the
privileges of the process. A process with a user ID of 0 is a privileged process, with capabilities of bypassing
the access control policies of the system. The root user name is commonly associated with user ID 0, but
there can be other users with this ID.
Additionally, the SLES kernel has a framework for providing software privilege for DAC policy through
capabilities. These capabilities, which are based on the POSIX.1e draft, allow breakup of the kernel software
privilege associated with user ID zero into a set of discrete privileges based on the operation being attempted.
For example, if a process is trying to create a device special file by invoking the mknod() system call, instead
of checking to ensure that the user ID is zero, the kernel checks to ensure that the process is capable of
creating device special files. In the absence of special kernel modules that define and use capabilities, as is
the case with the TOE, capability checks revert back to granting kernel software privilege based on the user
ID of the process.
5.11.3 Trusted commands and trusted processes
The Identification and Authentication subsystem contains the agetty and mingetty trusted processes and
the gpasswd, login, passwd, and su trusted commands.
5.11.3.1 agetty
agetty, the alternative Linux getty, is invoked from /sbin/init when the system transitions from a
single-user mode to a multi-user mode. agetty opens a tty port, prompts for a login name, and invokes
/bin/login to authenticate. Refer to the agetty man page for more detailed information. agetty
/bin/login to authenticate. Refer to the agetty man page for more detailed information. agetty
follows these steps:
1. Sets language.
2. Parses command line setup options such as timeout and the alternate login program.
3. Updates the utmp file with tty information.
4. Initializes terminal I/O characteristics. Examples are modems or regular terminals.
5. Prompts for login name.
2. Parses command line setup options such as timeout and the alternate login program.
3. Updates the utmp file with tty information.
4. Initializes terminal I/O characteristics. Examples are modems or regular terminals.
5. Prompts for login name.
176