FIPS Operational Environment: Difference between revisions
		
		
		
		
		
		Jump to navigation
		Jump to search
		
				
		
		
	
| Line 7: | Line 7: | ||
| On Linux and Solaris, discretionary access control can be configured by setting the access permission bits of the files appropriately. The access permission bits can be specified when the files are created, or they can be modified later. | On Linux and Solaris, discretionary access control can be configured by setting the access permission bits of the files appropriately. The access permission bits can be specified when the files are created, or they can be modified later. | ||
| NSS  | NSS creates the database files with the 0600 permission bits, making them readable and writable by the owner only. | ||
| The Crypto Officer (the operator who installs the NSS library files) should use the <code>chmod</code> command to set the access permission bits of the NSS library files appropriately. | The Crypto Officer (the operator who installs the NSS library files) should use the <code>chmod</code> command to set the access permission bits of the NSS library files appropriately. | ||
Revision as of 02:47, 8 June 2006
Maintaining Software Integrity
Describe the checksum (.chk) files.
Configuring Discretionary Access Control
On Linux and Solaris, discretionary access control can be configured by setting the access permission bits of the files appropriately. The access permission bits can be specified when the files are created, or they can be modified later.
NSS creates the database files with the 0600 permission bits, making them readable and writable by the owner only.
The Crypto Officer (the operator who installs the NSS library files) should use the chmod command to set the access permission bits of the NSS library files appropriately.
- specify the set of roles that can execute stored cryptographic software
- specify the set of roles that can modify (i.e., write, replace, and delete) cryptographic programs
- specify the set of roles that can modify (i.e., write, replace, and delete) cryptographic data (e.g., cryptographic keys and audit data), CSPs, and plaintext data: NSS databases can only be modified by the owner. Audit data can only be modified by the root user.
- specify the set of roles that can read cryptographic data (e.g., cryptographic keys and audit data), CSPs, and plaintext data: NSS databases can only be read by the owner. Audit data can only be read by the root user.
- specify the set of roles that can enter cryptographic keys and CSPs: N/A. NSS does not support manual entry of cryptographic keys and CSPs.