Access Control Lists specify which subject (user, RC role or ACL group) may access which object (of a given object type) with which requests (the usual RSBAC request types plus the ACL special rights).
If there is no ACL entry for a subject at an object, the subject's rights on the parent object are inherited. Inheritance can be restricted per object by an inheritance mask.
At the top of the inheritance hierarchy there is one default ACL per object type (FILE, DIR, ...).
To change the ACL of an object, you need the special right Access Control for this object. The special right Forward allows you to pass on rights you hold to somebody else, but it does not let you revoke them afterwards; revoking needs Access Control.
The special right Supervisor includes all other rights, can never be masked out (unless the kernel configuration allows it) and can only be set by users who already hold it. In every default ACL that cannot be read from disk at boot time, e.g. after a fresh installation, Supervisor is granted to user 400.
All object types are supported. IPC, USER and PROCESS objects have only the common default ACL of their type, which all objects of that type inherit; these objects are too short-lived for individual ACLs to be worth administering.
As of version 1.0.9a, there is an unchangeable ACL group Everyone (group 0), which by definition contains all possible users, as well as user-defined groups.
Group management allows every user to define global and private groups without restriction. Global groups can be used by every user, private ones only by the group owner. The group owner is also the only one allowed to add or remove group members or to change the group settings (name, owner and type). Since the owner can be changed, groups are transferable, which can leave a group inaccessible to its original owner. This feature might become optional in a future release, because it can be used for attacks.
Group rights are added to user and role rights. As there is no global group administrator, any user can take on the job of maintaining a sensible group structure, e.g. user secoff.
Just to mention: similarities to other PC network systems may not be accidental... ;-)
From version 1.2.0 on, you can set time-to-live (ttl) values for all ACL entries and group memberships. Once the given time has passed, the entry is deleted, and access rights from then on follow the remaining settings.
You can set ttl values with the parameters -t, -T and -D of the ACL admin tools, or through rsbac_acl_menu and rsbac_acl_group_menu.
All ttl settings depend on the system time being correct. If you use this feature, take special care that the clock is always right: a clock set back keeps expired entries alive, a clock set forward drops entries early.
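To make the rules above concrete (per-subject inheritance through inheritance masks up to the per-type default ACL, the Everyone group, the union of user, role and group rights, the Access Control / Forward / Supervisor special rights, and ttl expiry of entries and memberships), here is a small Python model of them. It is an added illustration for this page, not RSBAC kernel or admin-tool code: the class and method names (AclModel, Obj, grant, revoke, set_mask, create_group, add_member, set_owner), the right names, the `supervisor_maskable` flag standing in for the kernel configuration option, and the simplified chain file -> parent directories -> FILE default are all assumptions made for the example.

```python
import time

ALL_RIGHTS = frozenset({"READ", "WRITE", "EXECUTE", "ACCESS_CONTROL", "FORWARD", "SUPERVISOR"})
EVERYONE = 0   # ACL group 0 contains every user by definition and cannot be changed
SECOFF = 400   # uid that gets SUPERVISOR in a default ACL that could not be read from disk


class Obj:
    """Object with a type (FILE, DIR, ...); FD objects inherit from their parent directory."""
    def __init__(self, path, otype, parent=None):
        self.path, self.type, self.parent = path, otype, parent


class AclModel:   # illustration only; names and structure are assumptions, not RSBAC's
    def __init__(self, now=time.time, supervisor_maskable=False):
        self.now = now                                  # every ttl check trusts this clock
        self.supervisor_maskable = supervisor_maskable  # the kernel-config exception
        self.entries = {}   # obj.path -> {(kind, id): (rights, expiry or None)}
        self.masks = {}     # obj.path -> rights that may be inherited from the parent
        self.roles = {}     # uid -> RC role id
        # one default ACL per object type at the top of every inheritance chain
        self.defaults = {t: {("user", SECOFF): (frozenset({"SUPERVISOR"}), None)}
                         for t in ("FILE", "DIR", "IPC", "USER", "PROCESS")}
        # gid -> owner, private flag, members {uid: expiry or None}; None = everybody
        self.groups = {EVERYONE: {"owner": None, "private": False, "members": None}}

    def _live(self, acl):
        now = self.now()
        return {s: r for s, (r, exp) in acl.items() if exp is None or exp > now}

    def _subjects(self, uid):
        """User, role and all unexpired group memberships that act for uid."""
        now = self.now()
        subs = [("user", uid), ("group", EVERYONE)]
        if uid in self.roles:
            subs.append(("role", self.roles[uid]))
        for gid, g in self.groups.items():
            m = g["members"]
            if m and uid in m and (m[uid] is None or m[uid] > now):
                subs.append(("group", gid))
        return subs

    def _subject_rights(self, obj, subject):
        """Nearest entry for subject on the way up to the type default, filtered by the
        inheritance mask of every object the rights pass through."""
        mask, node = ALL_RIGHTS, obj
        while node is not None:
            live = self._live(self.entries.get(node.path, {}))
            if subject in live:
                return live[subject] & mask
            m = self.masks.get(node.path, ALL_RIGHTS)
            if not self.supervisor_maskable:
                m |= {"SUPERVISOR"}         # SUPERVISOR can never be masked out
            mask &= m
            node = node.parent
        return self._live(self.defaults[obj.type]).get(subject, frozenset()) & mask

    def rights(self, obj, uid):
        """Effective rights: user | role | group rights; SUPERVISOR implies all of them."""
        r = frozenset().union(*(self._subject_rights(obj, s) for s in self._subjects(uid)))
        return ALL_RIGHTS if "SUPERVISOR" in r else r

    def grant(self, actor, obj, subject, rights, ttl=None):
        rights, have = frozenset(rights), self.rights(obj, actor)
        kind, sid = subject
        if (kind == "group" and sid != EVERYONE and self.groups[sid]["private"]
                and self.groups[sid]["owner"] != actor):
            raise PermissionError("a private group may only be used by its owner")
        if "SUPERVISOR" in rights and "SUPERVISOR" not in have:
            raise PermissionError("SUPERVISOR can only be set by a holder of SUPERVISOR")
        # ACCESS_CONTROL may set anything; FORWARD may only pass on rights the actor holds
        if not ("ACCESS_CONTROL" in have or ("FORWARD" in have and rights <= have)):
            raise PermissionError("need ACCESS_CONTROL, or FORWARD for rights you hold")
        exp = None if ttl is None else self.now() + ttl
        self.entries.setdefault(obj.path, {})[subject] = (rights, exp)

    def revoke(self, actor, obj, subject):
        if "ACCESS_CONTROL" not in self.rights(obj, actor):
            raise PermissionError("revoking needs ACCESS_CONTROL; FORWARD is not enough")
        self.entries.get(obj.path, {}).pop(subject, None)

    def set_mask(self, actor, obj, mask):
        if "ACCESS_CONTROL" not in self.rights(obj, actor):
            raise PermissionError("changing a mask needs ACCESS_CONTROL")
        self.masks[obj.path] = frozenset(mask)

    def create_group(self, owner, gid, private=False):
        self.groups[gid] = {"owner": owner, "private": private, "members": {}}

    def add_member(self, actor, gid, uid, ttl=None):
        if gid == EVERYONE or self.groups[gid]["owner"] != actor:
            raise PermissionError("only the group owner changes membership")
        self.groups[gid]["members"][uid] = None if ttl is None else self.now() + ttl

    def set_owner(self, actor, gid, new_owner):
        if gid == EVERYONE or self.groups[gid]["owner"] != actor:
            raise PermissionError("only the owner may transfer a group")
        self.groups[gid]["owner"] = new_owner   # the old owner is locked out from now on
```

A useful walk-through with this model: create `/`, `/etc` and `/etc/passwd`, let user 400 grant READ to Everyone at `/`, then put a mask of `{"EXECUTE"}` on `/etc`. READ stops at `/etc`, but 400 keeps Supervisor on `/etc/passwd` because the mask cannot remove it. Give a user READ and FORWARD with a ttl: that user can pass READ (but not WRITE) on to a private group they own, cannot revoke it, and loses everything when the entry expires, while rights granted without a ttl stay. Passing a fake clock as `now` makes the expiry behaviour, and the dependence on a correct clock, easy to observe.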
This model should be used whenever you have individual subjects and objects that cannot easily be grouped into roles and types for the RC model, or if you need strong (possibly discretionary) access control with individual user groups. However, individual ACLs can be confusing. Try to use time-to-live settings for all temporary changes.