Object Permission Modes

| Mode | Meaning |
|------|---------|
| r | This object can be opened for reading. |
| w | This object can be opened for writing or appending. |
| a | This object can be opened for appending. |
| c | Allow creation of the file/directory. |
| x | This object can be executed (or mmap’d with PROT_EXEC into a task). |
| d | Allow deletion of the file/directory. |
| h | This object is hidden. |
| t | This object can be ptraced, but cannot modify the running task. This is referred to as a 'read-only ptrace'. |
| p | Reject all ptraces to this object. |
| i | This mode only applies to binaries. When the object is executed, it inherits the ACL of the subject in which it was contained. |
| m | Allow creation of setuid/setgid files/directories and modification of files/directories to be setuid/setgid. |
| l | Allow a hardlink at this path. Hardlinking requires a minimum of c and l modes, and the target link cannot have any greater permission than the source file. |
| none | Lack of any of the above modes implies "find" access to the object. The object can be listed and have its ownership, size, etc. information obtained, but cannot be read or modified. |

Object Auditing Flags

| Mode | Meaning |
|------|---------|
| M | Audit the setuid/setgid creation/modification. |
| C | Audit the creation. |
| D | Audit the deletion. |
| L | Audit link creation. |
| R | Audit successful reads to this object. |
| W | Audit successful writes to this object. |
| X | Audit successful execs of this object. |
| A | Audit successful appends to this object. |
| F | Audit successful finds of this object. |
| I | Audit successful ACL inherits of this object. |

Other Object Flags

| Mode | Meaning |
|------|---------|
| s | Logs will be suppressed for denied access to this object. |

Last modified on 6 March 2011, at 04:18