⇒ lprotect(8) — bsd — Apollo Domain/OS SR10.4.1

LPROTECT(8)                     Domain/OS BSD                      LPROTECT(8)




NAME
     lprotect - control local protection

SYNOPSIS
     /etc/lprotect [-rmtroot all | none | readonly] [-protect unix | owners |
     aegis ]

DESCRIPTION
     lprotect enables system administrators to set the following Domain/OS
     security policies:

     ⊕  Control what privileges processes running as root (locksmith) on
        remote nodes have on the local node.

     ⊕  Specify which users can perform privileged operations, such as
        mounting disk volumes and restoring or copying files with their
        original ACLs.

     When executed without options, lprotect prints a message declaring the
     current setting of both security policies.

OPTIONS
     -rmtroot all | none | readonly
               Determines how local nodes handle requests made by superusers
               logged in as root (locksmith) on remote nodes. The rmtroot
               option provides three levels of privilege, as follows:

               ⊕  The all argument permits the remote superuser to have all
                  privileges on the local node. The default level of
                  privilege, upon node boot, is all.

               ⊕  The none argument limits access to the local system by
                  changing the remote superuser's identity to "user.none.none"
                  before any access checks or rights determinations are made.

               ⊕  The readonly argument permits a remote superuser to retain
                  the superuser identity for read operations only. For write
                  and execute operations, readonly performs like the none
                  argument: it limits access by changing the remote
                  superuser's identity to "user.none.none" before any access
                  checks or rights determinations are made.

               The none and readonly arguments also:

               ⊕  prohibit remote root users from setting setid bits on files
                  or stamping files as protected subsystem managers or
                  objects.

               ⊕  prevent any setid programs or files that reside on remote
                  nodes from successfully changing their process identity
                  when being executed on the local node.

     -protect unix | owners | aegis
               Controls which users, if any, are permitted to perform the
               following privileged operations on a local node:

               mount disk volumes

               restore files with their original ACLs (rbak -sacl)

               copy files with their original ACLs (cp -P, cpf -sacl)

               The protect option provides three levels of user privilege:

               ⊕  The unix argument permits only the root (locksmith) user to
                  perform the privileged operations. This level of control is
                  similar to the policy enforced by traditional UNIX operating
                  system implementations.

               ⊕  The aegis argument permits all users to perform privileged
                  operations.  This level of control is similar to the policy
                  enforced by earlier versions of the Aegis operating system
                  environment. The default argument for the -protect option is
                  aegis.

               ⊕  The owners argument permits a set of users, including the
                  superuser, to perform privileged operations.  The set of
                  privileged users is determined from the access control list
                  (ACL) of the file `nodedata/nodeowners at the time the
                  lprotect command is executed. Any user identity with write
                  access rights to this file is considered privileged.

                  Note that any user can run the lprotect program to determine
                  what the current settings are; however, only users with "p"
                  rights (allows rights to be changed) to
                  `nodedata/nodeowners can run the lprotect program to
                  change the current settings.

EXAMPLE
     To give processes running as root (locksmith) on remote nodes no
     privileges on the local node, use the following command:

     $ /etc/lprotect -rmtroot none


     To check the current privileges of remote processes running as root
     (locksmith) and the current protection mode, enter the following command:

     $ /etc/lprotect
     No remote root requests are honored. (-rmtroot none)
     Aegis protection mode currently in force. (-protect aegis)


     To enforce UNIX operating system protection controls, enter the following
     command:

     $ /etc/lprotect -protect unix
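
     Because both options return to their permissive defaults (all, aegis),
     the status output is worth checking against a baseline. The script below
     is an added example, not part of the original manual page; the function
     names are hypothetical, and it assumes every status line ends with the
     active option in parentheses, as the two sample lines above do.

```shell
# Added example: audit captured `lprotect` status output against a baseline.
# Assumption: each status line ends with the active option in parentheses,
# as in the two sample lines on this page, e.g. "(-rmtroot none)".

# lprotect_setting OPTION STATUS_TEXT -> prints the value of OPTION, or nothing
lprotect_setting() {
    printf '%s\n' "$2" |
        sed -n "s/.*(-$1 \([a-z]*\)).*/\1/p" | head -n 1
}

# lprotect_audit STATUS_TEXT WANT_RMTROOT WANT_PROTECT
# Returns 0 when both settings match, 1 on drift, 2 when output is unparseable.
lprotect_audit() {
    status=$1 want_rmt=$2 want_prot=$3
    have_rmt=$(lprotect_setting rmtroot "$status")
    have_prot=$(lprotect_setting protect "$status")
    if [ -z "$have_rmt" ] || [ -z "$have_prot" ]; then
        echo "UNKNOWN: could not parse lprotect output" >&2
        return 2
    fi
    rc=0
    if [ "$have_rmt" != "$want_rmt" ]; then
        echo "DRIFT: -rmtroot is $have_rmt, baseline is $want_rmt"
        rc=1
    fi
    if [ "$have_prot" != "$want_prot" ]; then
        echo "DRIFT: -protect is $have_prot, baseline is $want_prot"
        rc=1
    fi
    return $rc
}

# Constructed sample: the status text shown in the EXAMPLE section above.
SAMPLE='No remote root requests are honored. (-rmtroot none)
Aegis protection mode currently in force. (-protect aegis)'

# On a live node, pass "$(/etc/lprotect)" instead of $SAMPLE.
lprotect_audit "$SAMPLE" none unix || echo "node does not meet baseline"
```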


SEE ALSO
     rbak(1)
