This document provides information on how to create an access policy for DAC permission.
- In the Segura® Platform, in the navigation bar, hover over the Products menu and select EPM.
- In the side menu, select Policies > Linux > Policies.
- In the Policies report, click Add and select General.
- In the General tab, enter the following information:
- In the Policy name * field, enter a name to identify the policy.
- In the Status * field, select to enable or disable the policy.
- In the Guideline * field, select the guideline to perform the policy.
- In the Checker (path or executor) field, enter the command:
path="/bin/(app directory)" path.perm=(execution mask number) path.perm=(user group/user). - In the Enable audit? * field, select to enable the auditing of policy actions.
- In the Include general denial rule? field, select to allow only registered rules and deny what is not in the rule.
- In the Rules field, click + Add to enter the rules.
- Select Allow or Lock to allow or block access for the user or group, and enter the rule text in the format of policies in CaitSith. For example:
task.gid=(group name)for groups ortask.uid=(user name)for users. - Click Add for each rule created.
- Select Allow or Lock to allow or block access for the user or group, and enter the rule text in the format of policies in CaitSith. For example:
- Click Continue.
- In the Review tab, review the access policy and click Save.
The system displays a confirmation message: "Success. Data saved successfully". The created access policy will be in the report list at EPM > Policies > Linux > Policies.