next up previous
$B lidsconf $B$K$D$$$F(B $B>e$X(B: LIDS $B$N4IM}$*$h$S@_Dj%3%^%s%I(B $BLa$k(B: LIDS $B$N4IM}$*$h$S@_Dj%3%^%s%I(B

lidsadm $B$K$D$$$F(B

LIDS $B$rM-8z$K$7$F5/F0$7$?8e$K!"(BLIDS $B$r4IM}$9$k$?$a$K(Blidsadm $B%3%^%s%I$r;H(B $BMQ$7$^$9!#$3$N%3%^%s%I$G!"(BLIDS $B$rM-8z!&L58z$K$7$?$j!"%+!<%M%k$rIu0u$7$?(B $B$j!"(BLIDS $B$N>uBV$r8+$k$3$H$,$G$-$^$9!#(B

``lidsadm -h'' $B$G;HMQJ}K!$r8+$F$_$^$7$g$&!#(B 

lidsadm version 0.4.3 for LIDS project
       Huagang Xie<xie@gnuchina.org>
       Philippe Biondi <pbi@cartel-info.fr>

Usage: lidsadm -[S|I] -- [+|-][LIDS_FLAG] [...]
       lidsadm -V
       lidsadm -h

Commands:
       -S  To submit a password to switch some protections
       -I  To switch some protections without submitting password (sealing time)
       -V  To view current LIDS state (caps/flags)
       -v  To show the version
       -h  To list this help 

Available capabilities:
           CAP_CHOWN chown(2)/chgrp(2)
    CAP_DAC_OVERRIDE DAC access
 CAP_DAC_READ_SEARCH DAC read
          CAP_FOWNER owner ID not equal user ID
          CAP_FSETID effective user ID not equal owner ID
            CAP_KILL real/effective ID not equal process ID
          CAP_SETGID set*gid(2)
          CAP_SETUID set*uid(2)
         CAP_SETPCAP transfer capability
 CAP_LINUX_IMMUTABLE immutable and append file attributes
CAP_NET_BIND_SERVICE binding to ports below 1024
   CAP_NET_BROADCAST broadcasting/listening to multicast
       CAP_NET_ADMIN interface/firewall/routing changes
         CAP_NET_RAW raw sockets
        CAP_IPC_LOCK locking of shared memory segments
       CAP_IPC_OWNER IPC ownership checks
      CAP_SYS_MODULE insertion and removal of kernel modules
       CAP_SYS_RAWIO ioperm(2)/iopl(2) access
      CAP_SYS_CHROOT chroot(2)
      CAP_SYS_PTRACE ptrace(2)
       CAP_SYS_PACCT configuration of process accounting
       CAP_SYS_ADMIN tons of admin stuff
        CAP_SYS_BOOT reboot(2)
        CAP_SYS_NICE nice(2)
    CAP_SYS_RESOURCE setting resource limits
        CAP_SYS_TIME setting system time
  CAP_SYS_TTY_CONFIG tty configuration
           CAP_MKNOD mknod operation
           CAP_LEASE taking leases on files
          CAP_HIDDEN hidden process
  CAP_KILL_PROTECTED kill protected programs
       CAP_PROTECTED Protect the process from signals

Available flags:
                LIDS de-/activate LIDS locally (the shell & childs)
         LIDS_GLOBAL de-/activate LIDS entirely
         RELOAD_CONF reload config. file and inode/dev of protected programs
$B%3%^%s%I$N;HMQJ}K!$O!"2<5-$K$J$j$^$9!#(B
lidsadm -S $BJ]8n5!G=$N$$$/$D$+$r2r=|!&%m%C%/$9$k$H$-$K;HMQ!#%Q%9%o!<%I(B $B$,I,MW(B
lidsadm -I $B%+!<%M%k$rIu0u$9$k$H$-$K;HMQ$9$k%3%^%s%I!#%Q%9%o!<%I$O!"I,(B $BMWL5$7(B
lidsadm -V LIDS $B$N>uBV(B($B8"8B$d!"%U%i%0(B)$B$r8+$k%3%^%s%I(B
lidsadm -v lidstools $B$N%P!<%8%g%s$rI=<($9$k(B
$B8"8B(B(capabilities)$B$K$D$$$F$O!"8e=R$7$^$9!#(B
Kazuki Omo $BJ?@.(B15$BG/(B9$B7n(B28$BF|(B