is there a secure store associated with user?

Polytropon freebsd at edvax.de
Wed Mar 2 20:54:31 UTC 2016


On Wed, 2 Mar 2016 10:45:10 -0800, Sergei G wrote:
> I am looking for FreeBSD (and Linux) equivalent of DP API in Windows. For
> example, Windows service has access to a secure data store associated with
> user account.  When I register service I enter service user id and password
> and that password unlocks user store.

This can be done using regular user:group permissions. Let's say
you run the service under a specific user "service"; let's
furthermore say that Bob's user data is owned by bob:bob. Then
you just have to make user "service" a member of the group "bob"
and set the file attributes to rw-/r--/---, for example: user
can read and write, service can only read, nobody else can do
anything.

In this case, the password of Bob doesn't even have to be known
to the service. Locking and unlocking is a matter of group
membership. This is controlled by the system administrator.

Oh, and an additional approach is using ACLs. Here, the user
himself can "unlock" things easily, if desired.

There are probably many other ways that make such a way of access
control possible.



> Is there something like that in Unix
> world?

Yes, somehow. :-)



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
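
The group-permission scheme from the message above, as an added example that is not part of the original post: a POSIX sh check that a store file really has mode rw-/r--/--- and that the service account is in the owner's group. The function names (`file_mode`, `audit_store`, `service_in_group`) and the path in the comments are hypothetical; the setup commands in the comments need root.

```shell
#!/bin/sh
# Added example. One-time setup by the administrator (root), per the message:
#   FreeBSD: pw groupmod bob -m service      Linux: usermod -a -G bob service
#   chown bob:bob /home/bob/store.dat && chmod 640 /home/bob/store.dat
# (/home/bob/store.dat is a hypothetical path.)
# Usage after sourcing this file: audit_store /home/bob/store.dat

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 only if FILE is exactly rw-/r--/---:
# owner reads and writes, group (the service) only reads, others get nothing.
audit_store() {
    as_file=$1
    [ -f "$as_file" ] || { echo "$as_file: not a regular file" >&2; return 2; }
    as_mode=$(file_mode "$as_file") || return 2
    as_bits=$((0$as_mode))                 # leading 0: parse as octal
    as_owner=$(( (as_bits >> 6) & 7 ))
    as_group=$(( (as_bits >> 3) & 7 ))
    as_other=$(( as_bits & 7 ))
    as_rc=0
    if [ "$as_owner" -ne 6 ]; then
        echo "$as_file: owner bits are $as_owner, expected 6 (rw-)" >&2; as_rc=1
    fi
    if [ "$as_group" -ne 4 ]; then
        echo "$as_file: group bits are $as_group, expected 4 (r--)" >&2; as_rc=1
    fi
    if [ "$as_other" -ne 0 ]; then
        echo "$as_file: others have access (bits $as_other)" >&2; as_rc=1
    fi
    return "$as_rc"
}

# Return 0 if USER is a member of GROUP, i.e. the store is "unlocked" for it.
service_in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -Fqx -- "$2"
}
```

A group change only applies to processes started after it, so restart the service before relying on `service_in_group`.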


More information about the freebsd-questions mailing list