Trusted Solaris Administrator's Procedures

To Set Security Attributes on a File System

  1. Assume the System Administrator role and go to an ADMIN_LOW workspace.

  2. Use the Set Mount Points action to open the /etc/vfstab file and make sure that an entry exists for the file system:


    /dev/dsk/c0t3d0s4  /dev/rdsk/c0t3d0s4  /spublic  ufs  2  yes -
    
  3. Change to an ADMIN_HIGH workspace.

    See "To Work at a Different Label" for changing the label of your workspace.

  4. Enter the umount command to unmount the file system.


    $ umount /spublic
    
  5. Assume the Security Administrator role and go to an ADMIN_LOW workspace.

  6. Enter the setfsattr command with the appropriate arguments, then remount the file system.

    The following example sets a label range of SECRET to SECRET.


    $ setfsattr -l "Secret;Secret" /public
    $ mount /spublic
    

    Caution - Caution -

    Do not use proprietary names for mounted file systems. The names of mounted file systems are visible to every user.