Content-type: text/html Man page of sys_attrs_sec


Section: File Formats (5)
Index Return to Main Contents


sys_attrs_sec - sec subsystem attributes  


This reference page lists and describes attributes for the Security (sec) kernel subsystem. Refer to the sys_attrs(5) reference page for an introduction to the topic of kernel subsystem attributes. In the following list, attributes preceded by an asterisk (*) can be modified at run time.

The size of the audit buffer in 1-KB units.
Default value: 16 (kilobytes)
Minimum value: 16 (kilobytes)
Maximum value: 1024 (kilobytes)
If you are generating your own audit records and the size of these records is close to or greater than the current audit-buffer-size value, increasing this value may improve system performance.
The size, in bytes, reserved for the audit site mask. Each byte can support four site-defined events.
Default value: 64 (bytes)
Minimum value: 1 (byte)
Maximum value: 1048576 (bytes)
The audit subsystem allows sites to define their own audit events (site-defined events). The site-defined events are specified in the /etc/sec/site_events file. Because the number of site-defined events is determined by the customer, the audit-site-events attribute is provided so the customer can specify how much memory the kernel needs to reserve for these events. There is no need to change this value unless there are more than 256 site-defined events. See the Security manual for more information on specifying site-defined events.
A value that controls the permission bits of a file with access control lists (ACLs) as seen by an NFS Version 2 client. NFS Version 2 clients make their own file access decisions, based on their interpretation of the file's permission bits. The file permission bits may not accurately specify file access if the file has an ACL. You can specify the following values for the nfs-flatten-mode attribute to better control file access decisions by NFS Version 2 clients: Do not modify file access; send the original file permission bits to the NFS Version 2 client. Restrict the file access; modify the ``group'' and ``other'' fields of the file permissions so that the permission bits grant only a level of access that is granted in every ACL entry. For example, send permission bits that grant write access only if all ACL entries grant write access. Make file access more permissive; modify the ``group'' and ``other'' fields of the file permissions so that the permission bits reflect a level of access that is granted by the combination of ACL entries. For example, if some ACL entries grant read and execute permission and others grant write permission, send permission bits that grant read, write, and execute permission.
Default value: 0
See acl(4) for more information. The size limit, in bytes, of property list entries on UFS file systems.
Default value: 8192 (bytes)
Minimum value: 320 (bytes)
Maximum value: 18446744073709551615 (bytes)
On AdvFS file systems, a property list entry has a hard size limit of 1560 bytes. The ufs-proplist-max-entry attribute facilitates interoperation of UFS and AdvFS property list entries. Set this attribute to 1560 if you want to use all property list entries on your system with both UFS and AdvFS file systems. See proplist(4) for more information about property lists.
The ufs-proplist-max-entry attribute interacts with the ufs-sec-proplist-max-entry attribute. The latter is used to configure the size of ACLs on UFS file systems. Because ACLs are stored in property lists, ufs-sec-proplist-max-entry cannot be greater than (ufs-proplist-max-entry - 64) bytes. If ufs-sec-proplist-max-entry is set to exceed this limit, the value of ufs-proplist-max-entry is automatically increased. The size limit, in bytes, of ACLs on UFS file systems.
Default value: 1548 (bytes)
Minimum value: 256 (bytes)
Maximum value: 18446744073709551551 (bytes)
ACLs are implemented by using property lists. On AdvFS file systems, there is a hard size limit of 1560 bytes for a property list entry. This limit allows 2548 bytes for the ACL data, or a total of 65 entries, plus the three required entries of user::, group::, and other::. Files have only one ACL, an Access ACL. Directories can have up to three ACLs: an Access ACL, a Default ACL, and a Default Directory ACL. The AdvFS limit is placed on each of the three ACLs for a directory, meaning that each can have up to 65 entries. See acl(4) and the Security manual for more information about ACLs.
By default, the ufs-sec-proplist-max-entry attribute is set to ensure that the size limit of ACLs on UFS file systems is the same as the size limit of ACLs on AdvFS file systems. This ensures that ACLs on your system can be copied between UFS and AdvFS file systems. It is recommended that you not modify the default setting of ufs-sec-proplist-max-entry unless you have strong need for larger ACLs.
The ufs-sec-proplist-max-entry attribute interacts with the ufs-proplist-max-entry attribute. See the description of ufs-proplist-max-entry for a description of this relationship.


Files: acl(4), proplist(4)

Others: sys_attrs(5)





This document was created by man2html, using the manual pages.
Time: 02:43:08 GMT, October 02, 2010