:man| Alphabetical   Categories   About us 
 
MAC_SEEOTHERUIDS (4) | Special files and drivers | Unix Manual Pages | :man

NAME

mac_seeotheruids - "simple policy controlling whether users see other users"

CONTENTS

Synopsis
Description
Label Format
See Also
History
Authors
Bugs

SYNOPSIS

To compile the policy into your kernel, place the following lines in your kernel configuration file:


.Cd "options MAC"


.Cd "options MAC_SEEOTHERUIDS"

Alternately, to load the module at boot time, place the following line in your kernel configuration file:


.Cd "options MAC"

and in loader.conf(5):
mac_seeotheruids_load="YES"

DESCRIPTION

The mac_seeotheruids policy module, when enabled, denies users to see processes or sockets owned by other users.

To enable mac_seeotheruids, set the sysctl OID security.mac.seeotheruids.enabled to 1.

To allow users to see processes and sockets owned by the same primary group, set the sysctl OID security.mac.seeotheruids.primarygroup_enabled to 1.

To allow processes with a specific group ID to be exempt from the policy, set the sysctl OID security.mac.seeotheruids.specificgid_enabled to 1, and security.mac.seeotheruids.specificgid to the group ID to be exempted.

Label Format

No labels are defined for mac_seeotheruids.

SEE ALSO

mac(4), mac_biba(4), mac_bsdextended(4), mac_ifoff(4), mac_lomac(4), mac_mls(4), mac_none(4), mac_partition(4), mac_portacl(4), mac_test(4), mac(9)

HISTORY

AUTHORS

BUGS

mac(9)


Share this page

     Follow us

Facebook Twitter Google+ LinkedIn


 
Created by Blin Media, 2008-2013