1 .\" $NetBSD: secmodel_suser.9,v 1.3 2009/10/02 20:31:19 elad Exp $
3 .\" Copyright (c) 2009 Elad Efrat <elad@NetBSD.org>
4 .\" All rights reserved.
6 .\" Redistribution and use in source and binary forms, with or without
7 .\" modification, are permitted provided that the following conditions
9 .\" 1. Redistributions of source code must retain the above copyright
10 .\" notice, this list of conditions and the following disclaimer.
11 .\" 2. Redistributions in binary form must reproduce the above copyright
12 .\" notice, this list of conditions and the following disclaimer in the
13 .\" documentation and/or other materials provided with the distribution.
14 .\" 3. The name of the author may not be used to endorse or promote products
15 .\" derived from this software without specific prior written permission.
17 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18 .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20 .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21 .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23 .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24 .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 .Nd super-user security model
36 implements the traditional
38 (root) as the user with effective user-id 0.
41 is the host administrator, considered to have higher privileges than other
46 variables are exported:
47 .Bl -tag -width compact
48 .It security.models.suser.curtain
49 If non-zero, will filter returned objects according to the user-id
50 requesting information about them, preventing from users any access to
51 objects they don't own.
53 At the moment, it affects
63 .It security.models.suser.usermount
64 Allow non-superuser mounts.
66 If non-zero, file-systems are allowed to be mounted by an ordinary user who
69 and has at least read access to the
78 must be given for non-superuser mounts.
85 .An Elad Efrat Aq elad@NetBSD.org