UGIDFW(8)               FreeBSD System Manager's Manual              UGIDFW(8)

     ugidfw - firewall-like access controls for file system objects

     ugidfw list
     ugidfw set rulenum subject [not] [uid uid] [gid gid] object [not]
            [uid uid] [gid gid] mode arswxn
     ugidfw remove rulenum

     The ugidfw utility provides an ipfw(8)-like interface to manage accesses
     to file system objects by UID and GID, supported by the
     mac_bsdextended(4) mac(9) policy.

     The arguments are as follows:

           list    Produces a list of all the current ugidfw rules in the

           set rulenum subject [not] [uid uid] [gid gid] object [not] [uid
                   uid] [gid gid] mode arswxn
                   Add a new rule or modify an existing rule.  The arguments
                   are as follows:

                   rulenum      Rule number.  Entries with a lower rule number
                                are applied first; placing the most
                                frequently-matched rules at the beginning of
                                the list (i.e. lower-numbered) will yield a
                                slight performance increase.

                   subject [not] [uid uid] [gid gid]
                                Subjects performing an operation must match
                                (or, if not is specified, must not match) the
                                user and group specified by uid and/or gid for
                                the rule to be applied.

                   object [not] [uid uid] [gid gid]
                                Objects must be owned by (or, if not is
                                specified, must not be owned by) the user
                                and/or group specified by uid and/or gid for
                                the rule to be applied.

                   mode arswxn  Similar to chmod(1), each character represents
                                an access mode.  If the rule applies, the
                                specified access permissions are enforced for
                                the object.  When a character is specified in
                                the rule, the rule will allow for the
                                operation.  Conversely, not including it will
                                cause the operation to be denied.  The
                                definitions of each character are as follows:

                                      a      administrative operations
                                      r      read access
                                      s      access to file attributes
                                      w      write access
                                      x      execute access
                                      n      none

           remove rulenum
                   Disable and remove the rule with the specified rule number.
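
     The rule matching described above, modelled in Python as an added example
     (not part of this manual page or of FreeBSD). Assumptions: ids are
     numeric; with first_match off every matching rule must allow the
     operation, with it on the first matching rule decides; when no rule
     matches, ordinary file permissions decide.

```python
import shlex

# Constructed sample rules (ids are made up: 80 = web user, 920 = "secrets" group).
RULES = [
    "ugidfw set 100 subject uid 80 object uid 80 mode arswx",
    "ugidfw set 200 subject uid 80 object not uid 80 mode rsx",
    "ugidfw set 300 subject not uid 0 object gid 920 mode n",
]

def parse_rule(line):
    """Parse one 'ugidfw set' command in the synopsis form (numeric ids only)."""
    tok = shlex.split(line) + ["", ""]      # padding so truncated input fails cleanly
    if tok[:2] != ["ugidfw", "set"]:
        raise ValueError("not a 'ugidfw set' command")
    rule, i = {"num": int(tok[2])}, 3
    for side in ("subject", "object"):
        if tok[i] != side:
            raise ValueError("expected %r" % side)
        spec, i = {"not": False, "uid": None, "gid": None}, i + 1
        if tok[i] == "not":
            spec["not"], i = True, i + 1
        while tok[i] in ("uid", "gid"):
            spec[tok[i]] = int(tok[i + 1])
            i += 2
        rule[side] = spec
    mode = tok[i + 1]
    if tok[i] != "mode" or not mode or set(mode) - set("arswxn"):
        raise ValueError("bad or missing mode")
    rule["mode"] = set(mode) - {"n"}        # 'n' grants nothing
    return rule

def _matches(spec, uid, gids):
    # Assumption: 'not' negates the combined test; the sample rules name one id per side.
    hit = spec["uid"] in (None, uid) and (spec["gid"] is None or spec["gid"] in gids)
    return hit != spec["not"]

def check(rules, subj_uid, subj_gids, obj_uid, obj_gid, op, first_match=False):
    """Return (verdict, rule number); op is one of the mode letters a, r, s, w, x."""
    for r in sorted(rules, key=lambda r: r["num"]):     # lower rule numbers first
        if not (_matches(r["subject"], subj_uid, subj_gids)
                and _matches(r["object"], obj_uid, [obj_gid])):
            continue
        if op not in r["mode"]:
            return ("deny", r["num"])       # letter absent from mode: denied
        if first_match:
            return ("allow", r["num"])
    return ("allow", None)                  # no rule objected
```

     Called on a file owned by uid 80 with group 920, the two settings of
     first_match give different verdicts for a read by uid 80, which shows
     why rule numbering matters when allow and deny rules overlap.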

     mac_bsdextended(4), mac(9)

     The ugidfw utility first appeared in FreeBSD 5.0.

     This software was contributed to the FreeBSD Project by NAI Labs, the
     Security Research Division of Network Associates Inc. under DARPA/SPAWAR
     contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS
     research program.

FreeBSD 11.0-PRERELEASE        October 11, 2002        FreeBSD 11.0-PRERELEASE

