sys_attrs_sec(5)
NAME
sys_attrs_sec - sec subsystem attributes
DESCRIPTION
This reference page lists and describes attributes for the Security (sec)
kernel subsystem. Refer to the sys_attrs(5) reference page for an
introduction to the topic of kernel subsystem attributes. In the following
list, attributes preceded by an asterisk (*) can be modified at run time.
audit-buffer-size
The size of the audit buffer in 1-KB units.
Default value: 16 (kilobytes)
Minimum value: 16 (kilobytes)
Maximum value: 1024 (kilobytes)
If you are generating your own audit records and the size of these
records is close to or greater than the current audit-buffer-size
value, increasing this value may improve system performance.
audit-site-events
The size, in bytes, reserved for the audit site mask. Each byte can
support four site-defined events.
Default value: 64 (bytes)
Minimum value: 1 (byte)
Maximum value: 1048576 (bytes)
The audit subsystem allows sites to define their own audit events
(site-defined events). The site-defined events are specified in the
/etc/sec/site_events file. Because the number of site-defined events is
determined by the customer, the audit-site-events attribute is provided
so the customer can specify how much memory the kernel needs to reserve
for these events. There is no need to change this value unless there
are more than 256 site-defined events. See the Security manual for more
information on specifying site-defined events.
* nfs-flatten-mode
A value that controls the permission bits of a file with access control
lists (ACLs) as seen by an NFS Version 2 client. NFS Version 2 clients
make their own file access decisions, based on their interpretation of
the file's permission bits. The file permission bits may not accurately
specify file access if the file has an ACL. You can specify the
following values for the nfs-flatten-mode attribute to better control
file access decisions by NFS Version 2 clients:
0 Do not modify file access; send the original file permission
bits to the NFS Version 2 client.
1 Restrict the file access; modify the "group" and "other" fields
of the file permissions so that the permission bits grant only
a level of access that is granted in every ACL entry. For
example, send permission bits that grant write access only if
all ACL entries grant write access.
2 Make file access more permissive; modify the "group" and
"other" fields of the file permissions so that the permission
bits reflect a level of access that is granted by the
combination of ACL entries. For example, if some ACL entries
grant read and execute permission and others grant write
permission, send permission bits that grant read, write, and
execute permission.
Default value: 0
See acl(4) for more information.
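
The following Python sketch is an added example, not part of the original reference page or the operating system's code. It models the three nfs-flatten-mode values on a simplified ACL, assuming (entry, rwx) pairs and that "group" and "other" both receive the same combined value; all names and the sample ACL are constructed.

```python
# Simplified model of nfs-flatten-mode; not the kernel's implementation.

def perm_bits(rwx):
    """Convert an rwx string such as 'r-x' to its 3-bit value (0-7)."""
    return sum(bit for ch, bit in zip(rwx, (4, 2, 1)) if ch != "-")


def flatten_mode(mode, acl, flatten):
    """Return the permission bits sent to an NFS Version 2 client.

    mode    -- original permission bits of the file, for example 0o640
    acl     -- list of (entry, rwx) pairs; assumed layout for this example
    flatten -- nfs-flatten-mode value: 0, 1, or 2
    """
    if flatten not in (0, 1, 2):
        raise ValueError("nfs-flatten-mode must be 0, 1, or 2")
    if flatten == 0 or not acl:
        return mode                      # 0: original bits, unmodified
    combined = perm_bits(acl[0][1])
    for _, rwx in acl[1:]:
        if flatten == 1:
            combined &= perm_bits(rwx)   # 1: only access every entry grants
        else:
            combined |= perm_bits(rwx)   # 2: access any entry grants
    # Assumption: "group" and "other" both receive the combined value.
    return (mode & ~0o077) | (combined << 3) | combined


def overstated_entries(mode, acl, flatten):
    """List ACL entries that grant less than the 'group' bits the client sees."""
    shown = (flatten_mode(mode, acl, flatten) >> 3) & 7
    return [entry for entry, rwx in acl if shown & ~perm_bits(rwx) & 7]


# Constructed sample matching the page's example: some entries grant read
# and execute, others grant write.
SAMPLE_ACL = [("user:alice", "r-x"), ("group:ops", "-w-")]

if __name__ == "__main__":
    for setting in (0, 1, 2):
        bits = flatten_mode(0o640, SAMPLE_ACL, setting)
        print(setting, oct(bits), overstated_entries(0o640, SAMPLE_ACL, setting))
```

In this model, setting 1 never shows the client more access than an entry grants, while setting 2 shows rwx although no single sample entry grants all three.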
* ufs-proplist-max-entry
The size limit, in bytes, of property list entries on UFS file systems.
Default value: 8192 (bytes)
Minimum value: 320 (bytes)
Maximum value: 18446744073709551615 (bytes)
On AdvFS file systems, a property list entry has a hard size limit of
1560 bytes. The ufs-proplist-max-entry attribute facilitates
interoperation of UFS and AdvFS property list entries. Set this
attribute to 1560 if you want to use all property list entries on your
system with both UFS and AdvFS file systems. See proplist(4) for more
information about property lists.
The ufs-proplist-max-entry attribute interacts with the
ufs-sec-proplist-max-entry attribute. The latter is used to configure the
size of ACLs on UFS file systems. Because ACLs are stored in property
lists, ufs-sec-proplist-max-entry cannot be greater than
(ufs-proplist-max-entry - 64) bytes. If ufs-sec-proplist-max-entry is set
to exceed this limit, the value of ufs-proplist-max-entry is automatically
increased.
* ufs-sec-proplist-max-entry
The size limit, in bytes, of ACLs on UFS file systems.
Default value: 1548 (bytes)
Minimum value: 256 (bytes)
Maximum value: 18446744073709551551 (bytes)
ACLs are implemented by using property lists. On AdvFS file systems,
there is a hard size limit of 1560 bytes for a property list entry.
This limit allows 2548 bytes for the ACL data, or a total of 65
entries, plus the three required entries of user::, group::, and
other::. Files have only one ACL, an Access ACL. Directories can have
up to three ACLs: an Access ACL, a Default ACL, and a Default Directory
ACL. The AdvFS limit is placed on each of the three ACLs for a
directory, meaning that each can have up to 65 entries. See acl(4) and
the Security manual for more information about ACLs.
By default, the ufs-sec-proplist-max-entry attribute is set to ensure
that the size limit of ACLs on UFS file systems is the same as the size
limit of ACLs on AdvFS file systems. This ensures that ACLs on your
system can be copied between UFS and AdvFS file systems. It is
recommended that you not modify the default setting of
ufs-sec-proplist-max-entry unless you have a strong need for larger ACLs.
The ufs-sec-proplist-max-entry attribute interacts with the
ufs-proplist-max-entry attribute. See the description of
ufs-proplist-max-entry for a description of this relationship.
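
The following Python check is an added example, not part of the original reference page or any system tool. It reviews a proposed set of sec attribute values against the ranges and relationships stated on this page; the function name, the findings format, and the sample inputs are constructed.

```python
# Values copied from the reference page: name -> (default, minimum, maximum).
SEC_ATTRS = {
    "audit-buffer-size": (16, 16, 1024),
    "audit-site-events": (64, 1, 1048576),
    "nfs-flatten-mode": (0, 0, 2),
    "ufs-proplist-max-entry": (8192, 320, 18446744073709551615),
    "ufs-sec-proplist-max-entry": (1548, 256, 18446744073709551551),
}
ADVFS_ENTRY_LIMIT = 1560  # hard AdvFS property list entry limit (bytes)
ACL_HEADROOM = 64         # ACL limit must not exceed property list limit - 64


def review_sec_settings(proposed, site_event_count=0):
    """Return (values, findings); findings are (attribute, message) tuples."""
    values = {name: spec[0] for name, spec in SEC_ATTRS.items()}
    findings = []
    for name, value in proposed.items():
        if name not in SEC_ATTRS:
            findings.append((name, "not listed in sys_attrs_sec(5)"))
            continue
        _, low, high = SEC_ATTRS[name]
        if low <= value <= high:
            values[name] = value
        else:
            findings.append((name, f"{value} is outside {low}..{high}"))

    plist = values["ufs-proplist-max-entry"]
    acl = values["ufs-sec-proplist-max-entry"]
    if acl > plist - ACL_HEADROOM:
        findings.append(("ufs-proplist-max-entry",
                         f"ACL limit needs at least {acl + ACL_HEADROOM} here"))
    if plist > ADVFS_ENTRY_LIMIT:
        findings.append(("ufs-proplist-max-entry",
                         "UFS entries can exceed the 1560-byte AdvFS limit"))
    # The default ACL limit is set to match the AdvFS ACL size limit.
    if acl > SEC_ATTRS["ufs-sec-proplist-max-entry"][0]:
        findings.append(("ufs-sec-proplist-max-entry",
                         "UFS ACLs can be too large to copy to AdvFS"))

    capacity = values["audit-site-events"] * 4  # four events per byte
    if site_event_count > capacity:
        findings.append(("audit-site-events",
                         f"needs at least {-(-site_event_count // 4)} bytes"))
    return values, findings
```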
SEE ALSO
Files: acl(4), proplist(4)
Others: sys_attrs(5)
Security