Managing system security
Introduction to security
Security and your system
Who should read this?
What is security?
Elements of the security policy
The kernel and system architecture
System architecture (SA) definition
File management
I/O management
Kernel utilities
Memory management
Process management
System services
Access control
DAC checking algorithm
How system architecture relates to security
How modularity relates to security
How object reuse relates to security
Object reuse and physical media
Security mechanisms visible to users
Identification and authentication (I&A)
login
Discretionary access control (DAC)
File permission modes
Access control lists (ACLs)
DAC commands and system calls
Process privileges
File privileges
Privileges possessed by processes
Relating file privileges and process privileges
How the components of the system work together
The shell
Security procedures
Suggestions for making your system secure
Login logging
loginlog
Enabling login logging
Last login time
Recording su use
Checking file characteristics
Creating reference files
Check set-UIDs
Before you begin
Example: checking set-UIDs
Check set-UIDs by filesystem
Before you begin
Example: checking set-UIDs by filesystem
Checking file privileges
Example: checking file privileges
Administering privilege
The traditional privilege model
The current privilege model
Why have fixed privileges?
The need for an all-privileged user
A file-based privilege mechanism
File and process privileges
Privileges associated with a file
Privileges associated with a process
The privilege policy
Recalculating process privileges
Privilege initialization at system startup
Privileges and the filepriv command
Displaying privilege information
Installing a new program requiring privileges
Changing privileges on an existing file
Removing privileges from existing files
Updating the file privilege database
Trusted facility management
Executing processes with privilege: TFM
Administrative roles
TFM and administrative roles
Displaying commands and privileges for a role
Adding commands to a new role
Adding commands to an existing role
Removing commands and privileges for a role
Removing a role
Functioning in more than one role
Assigning roles to users
Adding commands for a user
Removing commands from the TFM database
Removing a user from the TFM database
The tfadmin command
Executing commands with privilege
tfadmin and other commands
When to use tfadmin or filepriv
NSS Overview