acladd

Adds ACL entries to the kernel tables holding the access control lists used by DACinet. The syntax of the parameters for the acladd subcommand is:

[-]addr[/length][u:user|uid|g:group|gid]

The parameters are defined as follows:

- addr: A DNS hostname or an IPv4/IPv6 address. A "-" before the address means that this ACL entry denies access rather than allows it.
- length: Indicates that addr is to be used as a network address rather than a host address, with only its first length bits taken from addr.
- u:user|uid: Optional user identifier (user name or numeric uid). If no user is specified, all users on the specified host or subnet are given access to the service. If supplied, only the specified user is given access.
- g:group|gid: Optional group identifier (group name or numeric gid). If no group is specified, all users on the specified host or subnet are given access to the service. If supplied, only members of the specified group are given access.

aclclear

Clears the ACL for the specified service or port.

acldel

Deletes ACL entries from the kernel tables holding the access control lists used by DACinet. The dacinet acldel subcommand deletes an entry from an ACL only if it is issued with parameters that exactly match the ones used to add the entry to the ACL. The syntax of the parameters for the acldel subcommand is as follows:

[-]addr[/length][u:user|uid|g:group|gid]

The parameters are defined as follows:

- addr: A DNS hostname or an IPv4/IPv6 address. A "-" before the address means that this ACL entry denies access rather than allows it.
- length: Indicates that addr is to be used as a network address rather than a host address, with only its first length bits taken from addr.
- u:user|uid: Optional user identifier (user name or numeric uid). If no user is specified, all users on the specified host or subnet are given access to the service. If supplied, only the specified user is given access.
- g:group|gid: Optional group identifier (group name or numeric gid). If no group is specified, all users on the specified host or subnet are given access to the service. If supplied, only members of the specified group are given access.

aclflush

Clears all the ACLs defined in the system, rendering all TCP ports inaccessible to connection requests except from the root user on the host. It also clears the privileged-port markings, so that any process can bind to any port above 1024.

aclls

Lists the ACL for the specified service or port. dacinet aclls 0 lists the default ACL. For authentication processing, from a logical perspective, the default ACL is appended to the ACL for the service. If no entry on the ACL matches the user attempting a connection to the service, access is denied. If one or more entries match, the first one on the list with a user|group@host|subnet that matches the connection requestor determines whether the user may connect to the service. It is thus possible to deny a service to a member of a group that has access to the service merely by adding a deny entry for that member before adding the allow entry for the group.
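The first-match evaluation that aclls describes (service ACL first, then the default ACL, with no match meaning deny) and the acladd/acldel parameter syntax, as an added Python model that is not part of AIX or the dacinet command. It assumes literal IP addresses rather than DNS hostnames, compares user and group names as plain strings with no uid/gid resolution, and takes the u:/g: qualifier as appended directly after addr[/length], as in the syntax line above.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass(frozen=True)
class AclEntry:
    deny: bool             # leading "-" in the spec
    network: object        # ip_network: single host or addr/length prefix
    user: Optional[str]    # from u:...; None means any user
    group: Optional[str]   # from g:...; None means any group


def parse_entry(spec: str) -> AclEntry:
    """Parse '[-]addr[/length][u:user|g:group]' with a literal address (assumption)."""
    deny = spec.startswith("-")
    body = spec[1:] if deny else spec
    user = group = None
    for tag in ("u:", "g:"):  # optional qualifier appended after addr[/length]
        idx = body.find(tag)
        if idx != -1:
            if tag == "u:":
                user = body[idx + 2:]
            else:
                group = body[idx + 2:]
            body = body[:idx]
    # strict=False keeps only the first 'length' bits of addr; a bare
    # address (no /length) becomes a single-host network.
    return AclEntry(deny, ipaddress.ip_network(body, strict=False), user, group)


def entry_matches(entry: AclEntry, addr: str, user: str, groups: Sequence[str]) -> bool:
    """True when the entry's host|subnet and its optional user/group all match."""
    if ipaddress.ip_address(addr) not in entry.network:
        return False
    if entry.user is not None and entry.user != user:
        return False
    return entry.group is None or entry.group in groups


def is_allowed(service_acl, default_acl, addr: str, user: str, groups: Sequence[str]) -> bool:
    """Service ACL first, then the default ACL (dacinet aclls 0): the first
    matching entry decides, a deny entry denies, and no match at all denies."""
    for entry in list(service_acl) + list(default_acl):
        if entry_matches(entry, addr, user, groups):
            return not entry.deny
    return False


# Constructed sample: staff on 10.1.0.0/16 may connect, except mallory,
# whose deny entry is added before the group's allow entry.
SERVICE_ACL = [parse_entry(s) for s in ("-10.1.0.0/16u:mallory", "10.1.0.0/16g:staff")]
DEFAULT_ACL = [parse_entry("192.0.2.0/24")]
```

Reversing the two SERVICE_ACL entries makes the group allow match mallory first, which is the ordering pitfall the aclls description warns about.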
lspriv

Lists all the privileged services or ports that are not permanently privileged (that is, it lists only privileged services with port numbers above 1024).

setpriv

Makes the specified service or port privileged, such that only a process with superuser privileges may bind to the port and thereby offer a service on that port. Ports below 1024 are ignored, as they are permanently privileged.

unsetpriv

Makes the specified service or port unprivileged, such that any process may bind to it. Any process may also bind to any port in the current ephemeral port range, regardless of whether that port is marked as privileged.