• /etc/ftpusers: The ftpusers text file contains a list of users who cannot log in using the File Transfer Protocol (FTP) server daemon. The file is owned by the root user and root group, and its mode is 644.
• /etc/apparmor/* and /etc/apparmor.d/*: The directories /etc/apparmor and /etc/apparmor.d contain several configuration files that are used by the AppArmor LSM modules. Both directories are owned by the root user and root group, and their mode is 755.
5.11.2.1 Access control rules
5.11.2.1.1 DAC
Discretionary Access Checks (DAC) access control rules specify how a certain process with appropriate DAC security attributes can access an object with a set of DAC security attributes. In addition, DAC access control rules also specify how subject and object security attributes transition to new values and under what conditions. DAC access control lists are described in detail in Section 5.1.5.2.
5.11.2.1.2 Software privilege
Software privilege for DAC policy is based on the user ID of the process. At any time, each process has an effective user ID, an effective group ID, and a set of supplementary group IDs. These IDs determine the privileges of the process. A process with a user ID of 0 is a privileged process, capable of bypassing the access control policies of the system. The root user name is commonly associated with user ID 0, but there can be other users with this ID.
Additionally, the SLES kernel has a framework for providing software privilege for DAC policy through capabilities. These capabilities, which are based on the POSIX.1e draft, allow the kernel software privilege associated with user ID zero to be broken up into a set of discrete privileges based on the operation being attempted. For example, if a process is trying to create a device special file by invoking the mknod() system call, instead of checking that the user ID is zero, the kernel checks that the process is capable of creating device special files. In the absence of special kernel modules that define and use capabilities, as is the case with the TOE, capability checks revert to granting kernel software privilege based on the user ID of the process.
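The following audit sketch is an added example, not part of the evaluated documentation. It lists every account that carries user ID 0 (the text notes there can be more than one) and compares a path's owner and mode with the values stated above for /etc/ftpusers and the AppArmor directories. The sample passwd content, the account name "toor", and the function names are constructed for illustration.

```python
import os
import stat

# Expectations stated in this section: path -> (owner uid, group gid, mode).
# Assumption: the root user and root group are uid 0 and gid 0.
EXPECTED = {
    "/etc/ftpusers": (0, 0, 0o644),
    "/etc/apparmor": (0, 0, 0o755),
    "/etc/apparmor.d": (0, 0, 0o755),
}

# Constructed passwd(5) sample; "toor" is a made-up second UID 0 account.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:alternate admin:/root:/bin/sh
ftp:x:40:49:FTP account:/srv/ftp:/bin/false
broken-line-without-fields
wwwrun:x:30:8:WWW daemon:/var/lib/wwwrun:/bin/false
"""

def uid0_accounts(passwd_text):
    """Return every login name whose UID field is 0, in file order."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        # Skip comments, blanks and malformed entries (passwd has 7 fields).
        if line.startswith("#") or len(fields) != 7:
            continue
        uid = fields[2]
        if uid.isascii() and uid.isdigit() and int(uid) == 0:
            names.append(fields[0])
    return names

def check_path(path, uid, gid, mode):
    """Return findings where path differs from the expected owner/mode."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]
    findings = []
    if (st.st_uid, st.st_gid) != (uid, gid):
        findings.append(f"{path}: owner {st.st_uid}:{st.st_gid}, expected {uid}:{gid}")
    actual = stat.S_IMODE(st.st_mode)  # includes setuid/setgid/sticky bits
    if actual != mode:
        findings.append(f"{path}: mode {actual:o}, expected {mode:o}")
    return findings

if __name__ == "__main__":
    print("UID 0 accounts in sample:", uid0_accounts(SAMPLE_PASSWD))
    for p, (u, g, m) in EXPECTED.items():
        for finding in check_path(p, u, g, m):
            print(finding)
```

On a live system, pass the contents of /etc/passwd to uid0_accounts(); any name other than root in the result is a fully privileged account under the user-ID-based policy described above.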
5.11.3 Trusted commands and trusted processes
The Identification and Authentication subsystem contains the agetty and mingetty trusted processes and the gpasswd, login, passwd, and su trusted commands.
5.11.3.1 agetty
agetty, the alternative Linux getty, is invoked from /sbin/init when the system transitions from a
1. Sets language.
2. Parses command line setup options such as timeout and the alternate login program.
3. Updates the utmp file with tty information.
4. Initializes terminal I/O characteristics. Examples are modems or regular terminals.
5. Prompts for login name.