SYNOPSIS
/etc/security/tsol/vfstab_adjunct

DESCRIPTION
The vfstab_adjunct file can be used to assign any or all of the following mount-time security attributes to the named file system when appropriate: an ACL, a mode, a user ID, a group ID, a sensitivity label, forced privilege(s), allowed privilege(s), a file attribute flag, a filesystem label range, or an MLD prefix. If the mount(1M) command is called with the -S option to specify security attributes, the vfstab_adjunct file is not consulted. Specifying mount-time attributes is meaningful only when mounting file systems that do not support the attributes.
If the file system already has security attributes, the attributes specified at mount time are ignored and a message is issued. Otherwise, the mount time attributes are used as the filesystem-wide security attributes. When access control decisions are made, any security attributes on a file or directory always take precedence over security attributes specified either at the filesystem level or mount time.
The vfstab_adjunct file should not be edited directly; instead, it should be edited using the Set Mount Attributes action, which maintains the proper user, group, sensitivity label, and file permissions for the file and audits all changes. The Set Mount Attributes action resides in the System_Admin folder available in the Application Manager folder in the Front Panel. By default, the security administrator (secadmin) role has the Set Mount Attributes action in the File System Security execution profile.
Mount-time security attributes can be specified for file systems whose objects do not have any attributes (such as user and group IDs) and for file systems that do not have the Trusted Solaris extended security attributes (such as sensitivity labels). When an appropriate attribute is not specified at mount time for a fixed attribute file system, a default value is applied. The default values are described later in this section.
File system types UFS, TMPFS, and NFS (from a Trusted Solaris server) have a full set of Trusted Solaris extended security attributes already defined. (See the getfsattr(1M) man page for how to get attributes on mounted file systems). Because the attributes can be changed on these file systems after they are mounted, they are called variable file systems. For example, the sensitivity label on a file in a variable file system can be changed by an authorized user. Security attributes on variable file systems can be overridden at mount-time, but objects in the file system that have assigned security attributes retain those attributes.
File systems that do not support the Trusted Solaris extended security attributes are called fixed because any attributes assigned to them (either at mount time or by default) cannot be changed. For example, the sensitivity label specified for a mounted fixed-attribute file system cannot be changed on any of the objects in that file system. An object that is moved or copied from the fixed file system to a variable file system can be changed after the move.
Mount-time security attributes override existing security attributes on a file system. However, mount-time attributes never override security attributes on the files and directories within the file system.
Each record in the vfstab_adjunct file represents a single file system. An entry consists of the file system's full pathname followed by a semicolon, followed by keyword=value assignments in semicolon-separated fields.
The pathname of the file system is the only portion of the entry that is required and therefore has no keyword associated with it. All keyword fields are optional and follow the format keyword=value, where keyword is one of the following:

acl
Sets the same ACL on all files or directories in the file system. See aclfromtext(3) for the format.

mode
Sets a DAC permission mode for each object in the file system. The only supported mode is the absolute mode, which is specified using octal numbers. See the description of the absolute-mode parameter on the chmod(1) man page. (Because the mode is an object-level attribute that has precedence over any mount-time attributes, setting a mode is only meaningful in the rare case when the type of file system being mounted does not support permission bits. In such cases, it is recommended that a value be explicitly specified for the mode.)

attr_flag
Sets an attribute flag on all files in the file system. The only supported attr_flag value is public. Its effect is that when certain read operations are performed on any object in a file system on which this flag is set, audit records are not generated even when the operations are part of a preselected audit class, with one exception: if the audit pseudo-event for use of privilege (AUE_UPRIV) is included in a preselected audit class and the operation involves the use of privilege, an audit record is always generated. Subject to that exception, the read operations for which audit records are not generated when the public flag is set are: access(2), fgetcmwlabel(2), fgetsldname(2), fstatvfs(2), getcmwfsrange(2), getcmwlabel(2), getfpriv(2), getmldadorn(2), getsldname(2), lgetcmwlabel(2), lstat(2), open(2)--read only, pathconf(2), preadl(2), readl(2), readlink(2), stat(2), statvfs(2), mldlstat(3), and mldstat(3). See Trusted Solaris Administrator's Procedures for more details.

gid
Sets the group ID for all objects in the file system. (Because the GID is an object-level attribute that has precedence over any mount-time attributes, setting this is only useful in the rare case when the type of file system being mounted does not have GIDs on its files or directories. In such cases, it is recommended that a value be explicitly specified for the GID.)

uid
Sets the user ID for all objects in the file system. (Because the UID is an object-level attribute that has precedence over any mount-time attributes, setting this is only useful in the rare case when the type of file system being mounted does not have UIDs on its files or directories. In such cases, it is recommended that a value be explicitly specified for the UID.)

slabel
Sets the sensitivity label for all objects in the file system. Specify the sensitivity label in string (text) or hexadecimal format.

forced
Specifies one or more forced privileges for all executable files in the file system. Specify symbolic privilege name(s) in a comma-separated list (such as: forced=file_audit, file_chown;) or use all to indicate all privileges. Using none or omitting the keyword results in no forced privileges being applied; for example, the assignment forced=; results in the default of none being applied. Any forced privileges must be a subset of the allowed privileges. See priv_desc(4) for the names of privileges.

allowed
Specifies one or more allowed privileges for all executable files in the file system. Specify symbolic privilege names in a comma-separated list (such as: allowed=file_audit, file_chown;) or use all to indicate all privileges. Using none or omitting the keyword results in no allowed privileges being applied. Any allowed privileges must be a superset of the forced privileges. See priv_desc(4) for the names of privileges.

low_range
Specifies the lower bound of the file system label range as a sensitivity label in string (text) or hexadecimal format.

hi_range
Specifies the upper bound of the file system label range as a sensitivity label in string (text) or hexadecimal format.

mld_prefix
Sets a prefix to be used in the adorned names of multilevel directories. (See multilevel directories in the DEFINITIONS in Intro(2) for more about the MLD prefix.) Specify the value in text format (such as: .MLD. or .hidden.). On unlabeled (fixed attribute) file systems, the prefix generally has no useful effect--with the exception that an mld_prefix should be supplied if a variable file system is being mounted on the unlabeled file system and the root of the variable file system is an MLD.
A comment line or entry is terminated by an unescaped newline character. Lines ending with a backslash (\) continue the current entry onto the next line. Leading and trailing white space characters (blank, tab) surrounding a keyword or an attribute value are ignored. When a keyword value is quoted, spaces can be included within the value. Comments are indicated by a pound sign (#) at the beginning of a line and cause the rest of the line to be ignored.
When a keyword appears without an attribute value or when a keyword is missing, a default value is assigned to that attribute. The default values for fixed attribute file systems are:

acl
None

mode
None. The mode should always be explicitly set for file systems that do not support access modes, such as MS-DOS (pcfs type) file systems.

attr_flag
None

gid
None. The GID should always be explicitly set for file systems that do not support group IDs, such as MS-DOS (pcfs type) file systems.

uid
None. The UID should always be explicitly set for file systems that do not support user IDs, such as MS-DOS (pcfs type) file systems.

slabel
The default sensitivity label of a fixed file system being mounted from a local device (such as a hard disk, floppy, or CD-ROM) is the sensitivity label of the device. For an allocated device, the file system is assigned the sensitivity label at which the device was allocated.

forced
None

allowed
None

low_range
ADMIN_LOW

hi_range
ADMIN_HIGH

mld_prefix
None
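The entry syntax (path, semicolon-separated keyword=value fields, backslash continuation, # comments, quoted values), the defaults listed above, and the rule that forced privileges must be a subset of allowed privileges are easy to get wrong by hand, since the file is meant to be maintained through the Set Mount Attributes action rather than edited directly. The following checker is an added example written for this page; it is not part of Trusted Solaris and not the code that mount(1M) uses to read the file. The keyword names are taken from the descriptions above (including attr_flag), the defaults from the list above, and the sample file is constructed from the two entries in the EXAMPLES section plus one deliberately inconsistent entry. Sensitivity labels are site-defined, so the checker does not try to compare low_range against hi_range; the slabel default (the label of the device) is likewise left unresolved because it cannot be known from the file alone.

```python
import re

# Keywords documented for vfstab_adjunct(4), as named in the man page text.
KEYWORDS = ("acl", "mode", "attr_flag", "gid", "uid", "slabel", "forced",
            "allowed", "low_range", "hi_range", "mld_prefix")

# Documented defaults for fixed-attribute file systems. slabel defaults to the
# label of the device the file system is mounted from, which a file-level
# checker cannot know, so it stays None here.
DEFAULTS = {k: None for k in KEYWORDS}
DEFAULTS.update({"low_range": "ADMIN_LOW", "hi_range": "ADMIN_HIGH"})

# One field: a run of characters that are neither ';' nor '"', or a quoted
# string (quoted values may contain spaces and semicolons).
_FIELD_RE = re.compile(r'(?:[^;"]|"[^"]*")+')


def logical_lines(text):
    """Join backslash-continued lines and drop comment and blank lines."""
    entries, buf = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not buf and line.lstrip().startswith("#"):
            continue                      # whole-line comment
        if line.endswith("\\"):
            buf += line[:-1] + " "        # continuation: keep accumulating
            continue
        buf += line
        if buf.strip():
            entries.append(buf)
        buf = ""
    if buf.strip():                       # file ended inside a continuation
        entries.append(buf)
    return entries


def parse_privs(value):
    """'all' -> 'all'; 'none', '' or None -> empty set; else a set of names."""
    if value is None:
        return set()
    v = value.strip().lower()
    if v == "all":
        return "all"
    if v in ("", "none"):
        return set()
    return {p.strip() for p in v.split(",") if p.strip()}


def parse_entry(entry):
    """Return {'path', 'attrs', 'problems'} for one logical entry."""
    fields = [f.strip() for f in _FIELD_RE.findall(entry)]
    fields = [f for f in fields if f]
    if not fields:
        return None
    rec = {"path": fields[0], "attrs": {}, "problems": []}
    for field in fields[1:]:
        key, sep, value = field.partition("=")
        key = key.strip().lower()
        # A bare keyword or an empty value (e.g. "forced=;") takes the default.
        value = value.strip().strip('"') if sep else None
        if key not in KEYWORDS:
            rec["problems"].append("unknown keyword %r" % key)
            continue
        rec["attrs"][key] = value if value != "" else None
    return rec


def check_entry(rec):
    """Apply the consistency rules the man page states; return problem list."""
    a = rec["attrs"]
    problems = list(rec["problems"])
    if a.get("mode") is not None and not re.fullmatch(r"0?[0-7]{3,4}", a["mode"]):
        problems.append("mode must be an absolute (octal) mode")
    for k in ("uid", "gid"):
        if a.get(k) is not None and not a[k].isdigit():
            problems.append("%s must be a numeric ID" % k)
    if a.get("attr_flag") is not None and a["attr_flag"].lower() != "public":
        problems.append("attr_flag: only 'public' is supported")
    forced, allowed = parse_privs(a.get("forced")), parse_privs(a.get("allowed"))
    if allowed != "all" and (forced == "all" or not forced <= allowed):
        problems.append("forced privileges must be a subset of allowed privileges")
    return problems


def effective_attrs(rec):
    """Merge an entry with the fixed-attribute defaults documented above."""
    eff = dict(DEFAULTS)
    eff.update({k: v for k, v in rec["attrs"].items() if v is not None})
    return eff


def parse_file(text):
    return [r for r in (parse_entry(e) for e in logical_lines(text)) if r]


# Constructed sample: the two EXAMPLES entries plus a deliberately bad one.
SAMPLE = """\
# constructed sample vfstab_adjunct
/workspaces; \\
    slabel=PUBLIC;
/no_attributes; \\
    mode=02777; attr_flag=public; gid=0; uid=0; slabel=admin_low; \\
    forced=file_chown; allowed=all; \\
    low_range=admin_low; hi_range=admin_low;
/bad; forced=file_chown; allowed=file_audit; mode=rwx;
"""

if __name__ == "__main__":
    for rec in parse_file(SAMPLE):
        print(rec["path"], effective_attrs(rec), check_entry(rec))
```

Running the block prints each path with its effective (default-merged) attributes and any problems; the /bad entry is reported for a non-octal mode and for forcing a privilege that is not in its allowed set.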
ATTRIBUTES

See attributes(5) for descriptions of the following attributes:
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|---|---|
| Availability | SUNWtsr |
EXAMPLES

The following example sets a sensitivity label of PUBLIC on a file system (/workspaces) being mounted from an unlabeled host running the Solaris operating environment. For this to work, PUBLIC must be a valid sensitivity label on the local host, and the file system must either be automounted or have an entry in the vfstab(4) file. Also, the entries for the unlabeled host in the tnrhdb/tnrhtp files must assign the host a template that specifies a matching default sensitivity label of PUBLIC.

```
/workspaces; \
    slabel=PUBLIC;
```
The following example is for a DOS file system named /no_attributes, being mounted from a floppy disk. The file system contains an executable that needs the file_chown privilege in order to work. The entry sets a UID and GID of 0, a mode of 02777, a public attribute flag, a forced privilege of file_chown, and allowed privileges equal to all. It explicitly sets the low_range for the file system to ADMIN_LOW and lowers the hi_range from the default of ADMIN_HIGH to ADMIN_LOW.

```
/no_attributes; \
    mode=02777; \
    attr_flag=public; \
    gid=0; \
    uid=0; \
    slabel=admin_low; \
    forced=file_chown; \
    allowed=all; \
    low_range=admin_low; \
    hi_range=admin_low;
```
SEE ALSO

getfattrflag(1), getfsattr(1M), setfsattr(1M), getmldadorn(1), mount(1M), mount_hsfs(1M), mount_nfs(1M), mount_tmpfs(1M), mount_ufs(1M), newsecfs(1M), priv_desc(4)
Trusted Solaris Audit Administration and Trusted Solaris Administrator's Procedures