Canmove, confirm
937
edits
Changes
→Configuring Discretionary Access Control
The Crypto Officer (the operator who installs the NSS library files) should use the <code>chmod</code> command to set the access permission bits of the NSS library files appropriately.
* specify the set of roles that can execute stored cryptographic software
* specify the set of roles that can modify (i.e., write, replace, and delete) cryptographic programs
* specify the set of roles that can modify (i.e., write, replace, and delete) cryptographic data (e.g., cryptographic keys and audit data), CSPs, and plaintext data: NSS databases can only be modified by the owner. Audit data can only be modified by the root user.
* specify the set of roles that can read cryptographic data (e.g., cryptographic keys and audit data), CSPs, and plaintext data: NSS databases can only be read by the owner. Audit data can only be read by the root user.
* specify the set of roles that can enter cryptographic keys and CSPs: '''N/A'''. NSS does not support manual entry of cryptographic keys and CSPs.
