Path Names And Regular Expression Matching; File Permission Access Modes - Novell APPARMOR Admin Manual

Path Names and Regular Expression Matching

Path Names and Regular Expression Matching
Regular Expression Matching, or Globbing, is when you modify the
directory path using wildcards to include a group of files or subdirecto-
ries. File resources may be specified with a globbing syntax similar to
that used by popular shells, such as csh(1), bash(1), zsh(1).
* Can substitute for any number of characters, except '/'
For example: an arbitrary number of path elements, including
entire directories.
** Can substitute for any number of characters, including '/'
For example: an arbitrary number of path elements, including
entire directories.
? Can substitute for any single character, except '/'
[abc] This will substitute for the single character a, b, or c
For example: a rule that matches /home[01]/*/.plan that allows
a program to access .plan files for users in both /home0 and
/home1.
[a-c] This will substitute for the single character a, b, or c
{ab,cd}This will expand to one rule to match ab, one rule to match cd.
For example: A rule that matches /{usr,www}/pages/** to grant
access to web pages in both /usr/pages and /www/pages.

File Permission Access Modes

File permission access modes consists of combinations of the follow-
ing six modes:
• r:
Reade Mode
• w:
Write Mode
• px:
Discrete Profile Execute Mode
• ux:
Unconstrained Execute Mode
• ix:
Inherit Execute Mode
• l:
Link Mode
69