
LIDS ACL$B$NI=<((B

LIDS は ACL を /etc/lids/lids.conf ファイルに保存します。しかし、このファイルは、そのままでは少し読みにくいです。現在の ACL を表示したい場合には、lidsconf -L コマンドを使用します。

lfs# lidsconf -L

LIST
                Subject   ACCESS  inherit time        Object
----------------------------------------------------------------------------
               Any file  READONLY:  0  0000-0000                 /sbin 0
               Any file  READONLY:  0  0000-0000                  /bin 0
               Any file  READONLY:  0  0000-0000                 /boot 0
               Any file  READONLY:  0  0000-0000                  /lib 0
               Any file  READONLY:  0  0000-0000                  /usr 0
               Any file  READONLY:  0  0000-0000                  /etc 0
               Any file      DENY:  0  0000-0000             /etc/lids 0
               Any file      DENY:  0  0000-0000           /etc/shadow 0
               Any file    APPEND:  0  0000-0000              /var/log 0
               Any file     WRITE:  0  0000-0000         /var/log/wtmp 0
             /bin/login  READONLY:  0  0000-0000           /etc/shadow 0
                /bin/su  READONLY:  0  0000-0000           /etc/shadow 0
             /bin/login     WRITE:  0  0000-0000      /var/log/lastlog 0
           /etc/rc.d/rc     GRANT: -1  0000-0000         CAP_INIT_KILL 0
           /etc/rc.d/rc     GRANT: -1  0000-0000         CAP_NET_ADMIN 0
           /etc/rc.d/rc     GRANT: -1  0000-0000         CAP_SYS_ADMIN 0
  /etc/rc.d/init.d/halt     GRANT: -1  0000-0000         CAP_INIT_KILL 0
  /etc/rc.d/init.d/halt     GRANT: -1  0000-0000         CAP_SYS_ADMIN 0
  /etc/rc.d/init.d/halt     GRANT: -1  0000-0000         CAP_SYS_RAWIO 0
  /etc/rc.d/init.d/halt     GRANT: -1  0000-0000         CAP_NET_ADMIN 0
         /usr/sbin/sshd  READONLY:  0  0000-0000           /etc/shadow 0
               Any file  READONLY:  0  0000-0000                 /root 0
         /usr/sbin/sshd     GRANT:  0  0000-0000  CAP_NET_BIND_SERVICE 22-220
/usr/X11R6/bin/XF86_SVGA     GRANT:  0  0000-0000         CAP_SYS_RAWIO 0
           /usr/bin/ssh     GRANT:  0  0000-0000  CAP_NET_BIND_SERVICE 0-10240

上記の意味は、それぞれ

Subject 制限されたオブジェクトにアクセスしようとする、プログラム
ACCESS 与えられた権限
inherit 権限の継承設定。-1 は unlimited(無制限)。詳細は後述。
time ACL の時間設定。特定の時間に ACL を有効にする。cron を動かすときなどに使用。詳細は後述。
Object ACL によって規定されるファイルや権限


Kazuki Omo 平成15年9月28日