
FIPS Operational Environment

78 bytes added, 02:52, 8 June 2006
Configuring Discretionary Access Control
The Crypto Officer (the operator who installs the NSS library files) should use the <code>chmod</code> command to set the access permission bits of the NSS library files appropriately.
* Specify the set of roles that can execute stored cryptographic software: all users. For example, <code>"chmod a+rx libsoftokn3.so"</code>. '''Note''': the read permission is required for the software integrity test.
* Specify the set of roles that can modify (i.e., write, replace, and delete) cryptographic programs: the owner only. For example, <code>"chmod u+w libsoftokn3.so; chmod go-w libsoftokn3.so"</code>.
* Specify the set of roles that can modify (i.e., write, replace, and delete) cryptographic data (e.g., cryptographic keys and audit data), CSPs, and plaintext data: NSS databases can only be modified by the owner. Audit data can only be modified by the root user.
* Specify the set of roles that can read cryptographic data (e.g., cryptographic keys and audit data), CSPs, and plaintext data: NSS databases can only be read by the owner. Audit data can only be read by the root user.
* Specify the set of roles that can enter cryptographic keys and CSPs: '''N/A'''. NSS does not support manual entry of cryptographic keys and CSPs.
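
The following script is an added example, not part of the NSS documentation: it audits the permission bits described above for a library file and an NSS database file. The function names, the <code>sample-nss.db</code> file name and the scratch directory are assumptions made for the illustration; audit data ownership by root is not covered.

```sh
#!/bin/sh

# Print a file's permission bits in octal (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if any bit of the octal mask $2 is set on path $1.
has_any() {
    [ $(( 0$(mode_of "$1") & 0$2 )) -ne 0 ]
}

# Library: all users may read and execute, only the owner may write.
# Replacing or deleting a file needs write access to its directory,
# so the containing directory is checked as well.
check_library() {
    lib_rc=0
    if [ $(( 0$(mode_of "$1") & 0555 )) -ne $(( 0555 )) ]; then
        echo "$1: missing a+rx"; lib_rc=1
    fi
    if has_any "$1" 022; then echo "$1: writable by group/other"; lib_rc=1; fi
    if has_any "$(dirname "$1")" 022; then
        echo "$1: directory writable by group/other"; lib_rc=1
    fi
    return $lib_rc
}

# NSS database: only the owner may read or modify it.
check_private() {
    db_rc=0
    if has_any "$1" 066; then echo "$1: readable or writable by group/other"; db_rc=1; fi
    if has_any "$(dirname "$1")" 022; then
        echo "$1: directory writable by group/other"; db_rc=1
    fi
    return $db_rc
}

# Constructed files in a scratch directory, not a real NSS installation.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/libsoftokn3.so"; : > "$d/sample-nss.db"
    chmod a+rx "$d/libsoftokn3.so"; chmod u+w "$d/libsoftokn3.so"; chmod go-w "$d/libsoftokn3.so"
    chmod 600 "$d/sample-nss.db"
    check_library "$d/libsoftokn3.so" && check_private "$d/sample-nss.db" && echo "policy satisfied"
    chmod g+w "$d/libsoftokn3.so"   # simulate permission drift
    check_library "$d/libsoftokn3.so" || echo "drift detected"
    rm -rf "$d"
}
demo
```

The directory check is conservative: it also flags sticky-bit directories such as <code>/tmp</code>, where other users cannot actually delete the owner's files.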