Before starting with File Flags (FF) module administration, your should read the FF description.

FF administration only changes the ff_flags attribute of files and the ff_role attribute of users. This can either be done with rsbac_fd_menu and rsbac_user_menu or with the command line tools attr_get_file_dir, attr_set_file_dir, attr_get_user and attr_set_user.

The ff_role value determines user access to both attributes: normal users have no access, system admins have read access and security officer has full access.

Example to set some flags on /bin/sample:

attr_set_file_dir PAX FILE /bin/sample pax_flags PeMRxS

---

Table of Contents: RSBAC Handbook
Previous: PAX
Next: RES
Alternative: Setting up Modules