#
# Copyright (c) 2010-2015 Ericsson AB.
# All rights reserved.
#
# FILE : /etc/siara/facl_policy
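# This file defines the file-system hardening FACL (file access control list)
# policy for the /md, /flash, /var/log and /etc/siara folders.
# SystemAdministrator is a privileged user (granted below through
# group:SystemAdministrator entries) who has rw access to /md and /flash and
# read access to the /var/log and /etc/siara folders.
# The entries in this file are applied once, at boot time.
# NOTE(review): the /etc/siara entry below grants SystemAdministrator rwx
# (default rwX), not read-only as stated above; confirm which is intended.
# NOTE(review): this file also carries entries for /var/pod, /var/service-pools,
# /var/tftpboot, /var/vsmd, /flash/home, /flash/.ssh and /flash/ericsson.cfg.
# NOTE(review): /flash/.ssh is group-writable and readable by other (other::r-x);
# confirm that is intended for a directory that presumably holds SSH material.
# NOTE(review): /flash/home gives SystemAdministrator r-x on the directory but
# rwX as the default (inherited) entry; confirm the mismatch is deliberate.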

# file: /etc/siara
# owner: root
# group: siara
# flags: -s-
user::rwx
group::r-x
group:SystemAdministrator:rwx
other::r-x
default:group:SystemAdministrator:rwX

# file: /var/pod
# owner: root
# group: root
user::rwx
group::rwx
group:SystemAdministrator:rwx
other::---
default:group:SystemAdministrator:rwX

# file: /var/service-pools
# owner: root
# group: root
user::rwx
group::r-x
group:SystemAdministrator:r-x
other::---
default:group:SystemAdministrator:r-X

# file: /var/tftpboot
# owner: root
# group: root
user::rwx
user:nobody:r-x
group::r-x
group:SystemAdministrator:r-x
other::---
default:group:SystemAdministrator:r-X

# file: /var/vsmd
# owner: root
# group: root
user::rwx
group::r-x
group:SystemAdministrator:r-x
other::---
default:group:SystemAdministrator:r-X

# file: /var/log
# owner: root
# group: root
# flags: ---
user::rwx
group::r-x
group:SystemAdministrator:r-x
other::r-x
default:group:SystemAdministrator:r-X


# file: /md
# owner: root
# group: siara
# flags: -s-
user::rwx
group::rwx
group:_iposadmin:r-x
group:SystemAdministrator:rwx
other::r-x
default:group:SystemAdministrator:rwX

# file: /flash
# owner: root
# group: siara
# flags: -s-
user::rwx
group::rwx
group:SystemAdministrator:rwx
other::r-x
default:group:SystemAdministrator:rwX

# file: /flash/home
# owner: root
# group: root
user::rwx
group::rwx
group:SystemAdministrator:r-x
other::r-x
default:group:SystemAdministrator:rwX


# file: /flash/.ssh
# owner: root
# group: SystemAdministrator
user::rwx
group::rwx
group:SystemAdministrator:rwx
other::r-x
default:group:SystemAdministrator:rwX

# file: /flash/ericsson.cfg
# owner: root
# group: root
user::rw-
group::rw-
group:SystemAdministrator:rw-
other::---
