Man page of sys_attrs_sec
Section: File Formats (5)
Return to Main Contents
sys_attrs_sec - sec subsystem attributes
This reference page lists and describes attributes for the Security
(sec) kernel subsystem. Refer to the
page for an introduction to the topic of kernel subsystem attributes. In the
following list, attributes preceded by an asterisk (*) can be modified at
The size of the audit buffer in 1-KB units.
Default value: 16 (kilobytes)
Minimum value: 16 (kilobytes)
Maximum value: 1024 (kilobytes)
If you are generating your own audit records and the size of these records
is close to or greater than the current
value, increasing this value may improve system performance.
The size, in bytes, reserved for the audit site mask. Each
byte can support four site-defined events.
Default value: 64 (bytes)
Minimum value: 1 (byte)
Maximum value: 1048576 (bytes)
The audit subsystem allows sites to define their own audit events (site-defined
events). The site-defined events are specified in the
file. Because the number of site-defined events is determined
by the customer, the
attribute is provided
so the customer can specify how much memory the kernel needs to reserve for
these events. There is no need to change this value unless there are more
than 256 site-defined events. See the
manual for more
information on specifying site-defined events.
A value that controls the permission bits of a file with access
control lists (ACLs) as seen by an NFS Version 2 client. NFS Version 2 clients
make their own file access decisions, based on their interpretation of the
file's permission bits. The file permission bits may not accurately specify
file access if the file has an ACL. You can specify the following values
attribute to better control file
access decisions by NFS Version 2 clients:
Do not modify file access; send the original file permission
bits to the NFS Version 2 client.
Restrict the file access; modify the ``group'' and ``other''
fields of the file permissions so that the permission bits grant only a level
of access that is granted in every ACL entry. For example, send permission
bits that grant write access only if all ACL entries grant write access.
Make file access more permissive; modify the ``group''
and ``other'' fields of the file permissions so that the permission
bits reflect a level of access that is granted by the combination of ACL entries.
For example, if some ACL entries grant read and execute permission and others
grant write permission, send permission bits that grant read, write, and execute
Default value: 0
for more information.
The size limit, in bytes, of property list entries on UFS
Default value: 8192 (bytes)
Minimum value: 320 (bytes)
Maximum value: 18446744073709551615 (bytes)
On AdvFS file systems, a property list entry has a hard size limit of
1560 bytes. The
interoperation of UFS and AdvFS property list entries. Set this attribute
to 1560 if you want to use all property list entries on your system with both
UFS and AdvFS file systems. See
for more information about property
attribute interacts with
attribute. The latter is
used to configure the size of ACLs on UFS file systems. Because ACLs are stored
in property lists,
greater than (ufs-proplist-max-entry
- 64) bytes.
is set to exceed this limit,
the value of
is automatically increased.
The size limit, in bytes, of ACLs on UFS file systems.
Default value: 1548 (bytes)
Minimum value: 256 (bytes)
Maximum value: 18446744073709551551 (bytes)
ACLs are implemented by using property lists. On AdvFS file systems,
there is a hard size limit of 1560 bytes for a property list entry. This limit
allows 2548 bytes for the ACL data, or a total of 65 entries, plus the three
required entries of
other::. Files have only one ACL, an Access ACL. Directories
can have up to three ACLs: an Access ACL, a Default ACL, and a Default Directory
ACL. The AdvFS limit is placed on each of the three ACLs for a directory,
meaning that each can have up to 65 entries. See
manual for more information about ACLs.
By default, the
is set to ensure that the size limit of ACLs on UFS file systems is the same
as the size limit of ACLs on AdvFS file systems. This ensures that ACLs on
your system can be copied between UFS and AdvFS file systems. It is recommended
that you not modify the default setting of
unless you have strong need for larger ACLs.
attribute. See the description
for a description of this relationship.
- SEE ALSO
This document was created by
using the manual pages.
Time: 02:43:08 GMT, October 02, 2010