FIPS Operational Environment: Difference between revisions

Line 11: Line 11:
The Crypto Officer (the operator who installs the NSS library files) should use the <code>chmod</code> command to set the access permission bits of the NSS library files appropriately.
The Crypto Officer (the operator who installs the NSS library files) should use the <code>chmod</code> command to set the access permission bits of the NSS library files appropriately.


* specify the set of roles that can execute stored cryptographic software: all users. For example, <code>"chmod a+rx libsoftokn3.so"</code>.
* specify the set of roles that can execute stored cryptographic software: all users. For example, <code>"chmod a+rx libsoftokn3.so"</code>.  '''Note''': the read permission is required for the software integrity test.
* specify the set of roles that can modify (i.e., write, replace, and delete) cryptographic programs: the owner only. For example, <code>"chmod u+w libsoftokn3.so; chmod go-w libsoftokn3.so"</code>.
* specify the set of roles that can modify (i.e., write, replace, and delete) cryptographic programs: the owner only. For example, <code>"chmod u+w libsoftokn3.so; chmod go-w libsoftokn3.so"</code>.
* specify the set of roles that can modify (i.e., write, replace, and delete) cryptographic data (e.g., cryptographic keys and audit data), CSPs, and plaintext data: NSS databases can only be modified by the owner.  Audit data can only be modified by the root user.
* specify the set of roles that can modify (i.e., write, replace, and delete) cryptographic data (e.g., cryptographic keys and audit data), CSPs, and plaintext data: NSS databases can only be modified by the owner.  Audit data can only be modified by the root user.
* specify the set of roles that can read cryptographic data (e.g., cryptographic keys and audit data), CSPs, and plaintext data: NSS databases can only be read by the owner.  Audit data can only be read by the root user.
* specify the set of roles that can read cryptographic data (e.g., cryptographic keys and audit data), CSPs, and plaintext data: NSS databases can only be read by the owner.  Audit data can only be read by the root user.
* specify the set of roles that can enter cryptographic keys and CSPs: '''N/A'''. NSS does not support manual entry of cryptographic keys and CSPs.
* specify the set of roles that can enter cryptographic keys and CSPs: '''N/A'''. NSS does not support manual entry of cryptographic keys and CSPs.
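
Review bot: the added '''Note''' on the first bullet says the read permission "is required for the software integrity test" but does not say for which files or for which users, so a reader cannot tell whether read access could be dropped for group and other. The example grants <code>a+rx</code> and the introductory sentence speaks of "the NSS library files" in the plural, so if the intent is that every user who executes a library must also be able to read it, suggest saying so directly and wording the note to cover all installed NSS library files, not only <code>libsoftokn3.so</code>. Separately, this bullet and the next one (<code>a+rx</code>, <code>u+w</code>, <code>go-w</code>) together yield permission bits rwxr-xr-x (755); stating that resulting mode once would be easier to audit than three relative <code>chmod</code> calls spread over two bullets.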