As an administrator, you are responsible for correctly setting up and maintaining discretionary access control (DAC) and mandatory access control (MAC) protections for security-critical files. Critical files include the following:
shadow file – Contains encrypted passwords. See shadow(4).
prof_attr database – Contains definitions of rights profiles. See prof_attr(4).
exec_attr database – Contains commands and actions that are part of rights profiles. See exec_attr(4).
user_attr file – Contains the rights profiles, privileges, and authorizations that are assigned to local users. See user_attr(4).
Audit trail – Contains the audit records that the auditing service has collected. See audit.log(4).
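A periodic DAC check of the files listed above can be scripted. The following is an added example, not part of the original documentation or of the Trusted Extensions software, and it does not check MAC labels. The paths are the customary Solaris locations, and the baseline (owned by root, not writable by group or others, shadow file and audit trail not world-readable) is an assumed minimum that site policy may tighten.

```sh
#!/bin/sh
# Added example: DAC audit of the critical files named in the list above.
# Paths and the baseline policy are assumptions; verify them for your system.
CRITICAL_FILES="/etc/shadow:secret /etc/security/prof_attr:public
/etc/security/exec_attr:public /etc/user_attr:public /var/audit:secret"

# has_perm PATH BITS: true when PATH itself has every bit in BITS set.
# -prune keeps find from descending when PATH is a directory.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# check_dac PATH KIND [UID]: print findings; return 0 only when PATH is clean.
# KIND is "secret" (must not be world-readable) or "public".
# UID is the expected numeric owner, 0 (root) by default.
check_dac() {
    cd_path=$1 cd_kind=$2 cd_uid=${3:-0} cd_bad=0
    if [ ! -e "$cd_path" ]; then
        echo "MISSING         $cd_path"
        return 1
    fi
    cd_owner=$(ls -ldn "$cd_path" | awk '{print $3}')
    if [ "$cd_owner" != "$cd_uid" ]; then
        echo "WRONG-OWNER     $cd_path (uid $cd_owner, expected $cd_uid)"
        cd_bad=1
    fi
    if has_perm "$cd_path" 020; then echo "GROUP-WRITABLE  $cd_path"; cd_bad=1; fi
    if has_perm "$cd_path" 002; then echo "WORLD-WRITABLE  $cd_path"; cd_bad=1; fi
    if [ "$cd_kind" = secret ] && has_perm "$cd_path" 004; then
        echo "WORLD-READABLE  $cd_path"
        cd_bad=1
    fi
    return "$cd_bad"
}

# audit_all: check every entry in CRITICAL_FILES; return 1 if any has a finding.
audit_all() {
    aa_rc=0
    for aa_entry in $CRITICAL_FILES; do
        check_dac "${aa_entry%:*}" "${aa_entry#*:}" || aa_rc=1
    done
    return "$aa_rc"
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then audit_all; fi
```

Run it as root with the --audit argument; a nonzero exit status means at least one finding was printed.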
Because the protection mechanisms for LDAP entries are not subject to the access control policy enforced by the Trusted Extensions software, the default LDAP entries must not be extended, and their access rules must not be modified.