73 lines
1.7 KiB
XML
73 lines
1.7 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE capabilityrole [
|
|
<!ELEMENT capabilityrole (roles)>
|
|
<!ELEMENT roles (role*)>
|
|
<!ELEMENT role (capabilities, users?, groups?)>
|
|
<!ATTLIST role name ID #REQUIRED>
|
|
<!ELEMENT capabilities (capability+)>
|
|
<!ELEMENT users (user*)>
|
|
<!ELEMENT groups (group*)>
|
|
<!ELEMENT capability (#PCDATA)>
|
|
<!ELEMENT user (commands?)>
|
|
<!ATTLIST user name CDATA #REQUIRED>
|
|
<!ELEMENT group (commands?)>
|
|
<!ATTLIST group name CDATA #REQUIRED>
|
|
<!ELEMENT commands (command*)>
|
|
<!ELEMENT command (#PCDATA)>
|
|
]>
|
|
<capabilityrole>
|
|
<roles>
|
|
<role name="root">
|
|
<capabilities>
|
|
<capability>*</capability>
|
|
</capabilities>
|
|
<users>
|
|
<user name="root"/>
|
|
</users>
|
|
</role>
|
|
|
|
<!--
|
|
<role name="role1">
|
|
<capabilities>
|
|
<capability>cap_net_raw</capability>
|
|
<capability>cap_sys_nice</capability>
|
|
</capabilities>
|
|
<users>
|
|
<user name="Put User Name Here"/>
|
|
<user name="Put User Name Here">
|
|
<commands>
|
|
<command>/usr/sbin/tcpdump</command>
|
|
<command>/usr/sbin/iptables</command>
|
|
</commands>
|
|
</user>
|
|
</users>
|
|
<groups>
|
|
<group name="Put Group Name Here"/>
|
|
<group name="Put Group Name Here"/>
|
|
<group name="Put Group Name Here">
|
|
<commands>
|
|
<command>/usr/bin/printer</command>
|
|
<command>/usr/bin/other</command>
|
|
</commands>
|
|
</group>
|
|
</groups>
|
|
</role>
|
|
<role name="role2">
|
|
<capabilities>
|
|
<capability>cap_fowner</capability>
|
|
<capability>cap_setuid</capability>
|
|
</capabilities>
|
|
<groups>
|
|
<group name="Put Group Name Here">
|
|
<commands>
|
|
<command>/usr/bin/passwd</command>
|
|
<command>/usr/bin/chmod</command>
|
|
<command>/opt/myprogram -i</command>
|
|
</commands>
|
|
</group>
|
|
</groups>
|
|
</role>
|
|
-->
|
|
</roles>
|
|
</capabilityrole>
|