File Access Control Checks

A file Access Control List (ACL) is defined with the keyword file_acl. Each ACL name must be unique, because a file permissions item refers to the ACL by that name. A file ACL contains one or more user entries; each entry names a user or group and states, for that principal, whether the entry is inherited (acl_inheritance), what it applies to (acl_apply) and, optionally, the rights it allows (acl_allow) or denies (acl_deny). Note that the file_acl block is closed with </acl>, not </file_acl>. The tables below list values in lower case; the example at the end of this page uses capitalised forms of the same values.

Usage

<file_acl: ["name"]>

<user: ["user_name"]>
acl_inheritance: ["value"]
acl_apply: ["value"]
(optional) acl_allow: ["rights value"]
(optional) acl_deny: ["rights value"]
</user>

</acl>

Syntax

Syntax            Allowed Types
----------------  ---------------------------------------------------------------
acl_inheritance   not inherited
                  inherited
                  not used
acl_apply         this folder only
                  this object only
                  this folder and files
                  this folder and subfolders
                  this folder, subfolders and files
                  files only
                  subfolders only
                  subfolders and files only
acl_allow         These settings are optional. Each takes one or more rights from
acl_deny          the generic or advanced lists below, joined with "|".

Generic rights:

  • full control
  • modify
  • read & execute
  • read
  • write
  • list folder contents

Advanced rights:

  • full control
  • traverse folder / execute file
  • list folder / read data
  • read attributes
  • read extended attributes
  • create files / write data
  • create folders / append data
  • write attributes
  • write extended attributes
  • delete subfolder and files
  • delete
  • read permissions
  • change permissions
  • take ownership

Here is an example file ACL in .audit text. It grants Administrators and System full control over the folder, its subfolders and files, and gives Users read and write rights on the folder itself only:

<file_acl: "ASU1">

<user: "Administrators">
acl_inheritance: "not inherited"
acl_apply: "This folder, subfolders and files"
acl_allow: "Full Control"
</user>

<user: "System">
acl_inheritance: "not inherited"
acl_apply: "This folder, subfolders and files"
acl_allow: "Full Control"
</user>

<user: "Users">
acl_inheritance: "not inherited"
acl_apply: "this folder only"
acl_allow: "list folder / read data" | "read attributes" | "read extended attributes" | "create files / write data" | "create folders / append data" | "write attributes" | "write extended attributes" | "read permissions"
</user>

</acl>
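The following Python is an added example, not part of Tenable's documentation or of Nessus itself: a small linter that parses file_acl blocks out of an .audit fragment and validates them against the usage block and the tables above. It enforces the nesting (user inside file_acl, closed with </acl>), requires acl_inheritance and acl_apply in every user entry, rejects unknown values, unknown rights and duplicate ACL names, and reports the line at fault. It also maps each acl_apply value to the icacls inheritance flags (OI, CI, IO) it corresponds to; that mapping is standard Windows "Applies to" semantics added here, and the SAMPLE text is constructed from the ASU1 example, with one keyword per line, which the parser assumes.

```python
import re

# Allowed values from the tables above, compared case-insensitively (the page's example
# writes "Full Control" against the table's "full control").
ACL_INHERITANCE = {"not inherited", "inherited", "not used"}
# acl_apply name -> icacls inheritance flags (OI object inherit, CI container inherit,
# IO inherit only). Standard Windows "Applies to" semantics, added here; the page lists only names.
ACL_APPLY = {
    "this folder only": (), "this object only": (), "this folder and files": ("OI",),
    "this folder and subfolders": ("CI",), "this folder, subfolders and files": ("OI", "CI"),
    "files only": ("OI", "IO"), "subfolders only": ("CI", "IO"),
    "subfolders and files only": ("OI", "CI", "IO"),
}
RIGHTS = {  # generic and advanced names, both accepted in acl_allow / acl_deny
    "full control", "modify", "read & execute", "read", "write", "list folder contents",
    "traverse folder / execute file", "list folder / read data", "read attributes",
    "read extended attributes", "create files / write data", "create folders / append data",
    "write attributes", "write extended attributes", "delete subfolder and files", "delete",
    "read permissions", "change permissions", "take ownership",
}
_TAG = re.compile(r'^<(file_acl|user):\s*"([^"]+)">$')
_KEY = re.compile(r'^(acl_inheritance|acl_apply|acl_allow|acl_deny):\s*(.+)$')

def _need(cond, n, msg):
    if not cond:
        raise ValueError(f"line {n}: {msg}")

def _rights(value, n):  # one or more quoted right names joined by "|"
    names = [r.strip().strip('"').lower() for r in value.split("|")]
    _need(all(x in RIGHTS for x in names), n, f"unknown right in {value}")
    return names

def icacls_flags(entry):
    """Inheritance flags an equivalent icacls grant would carry for a user entry."""
    return ACL_APPLY[entry["apply"]]

def parse_file_acls(text):
    """Return {acl_name: [entry, ...]} for every <file_acl> block (text outside the blocks
    is ignored). An entry is a dict: name, inheritance, apply, allow, deny. Raises ValueError
    on bad values, bad nesting, duplicate ACL names or a <user> missing a mandatory keyword."""
    acls, acl, user, n = {}, None, None, 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if m := _TAG.match(line):
            kind, name = m.groups()
            if kind == "file_acl":
                _need(acl is None and name not in acls, n, f"nested or duplicate file_acl {name!r}")
                acl, acls[name] = name, []
            else:
                _need(acl is not None and user is None, n, "<user> outside <file_acl> or nested")
                user = {"name": name, "inheritance": "", "apply": "", "allow": [], "deny": []}
        elif m := _KEY.match(line):
            key, val = m.groups()
            _need(user is not None, n, f"{key} outside <user>")
            if key == "acl_inheritance":
                user["inheritance"] = val.strip('"').lower()
                _need(user["inheritance"] in ACL_INHERITANCE, n, f"bad acl_inheritance {val}")
            elif key == "acl_apply":
                user["apply"] = val.strip('"').lower()
                _need(user["apply"] in ACL_APPLY, n, f"bad acl_apply {val}")
            else:  # acl_allow / acl_deny -> entry["allow"] / entry["deny"]
                user[key[4:]] = _rights(val, n)
        elif line == "</user>":
            _need(user is not None and user["inheritance"] and user["apply"], n,
                  "</user> without a complete entry (acl_inheritance and acl_apply are mandatory)")
            acls[acl].append(user)
            user = None
        elif line == "</acl>":  # the block closes with </acl>, as on the page
            _need(acl is not None and user is None and acls[acl], n, "</acl> without an open, non-empty file_acl")
            acl = None
        else:
            _need(acl is None or not line, n, f"unexpected text inside file_acl: {line!r}")
    _need(acl is None, n, "unterminated <file_acl> block")
    return acls

def check(text):
    """Lint entry point: None when the fragment parses, otherwise the error text."""
    try:
        parse_file_acls(text)
    except ValueError as e:
        return str(e)
    return None

# Constructed sample: two of the page's ASU1 entries, one keyword per line.
SAMPLE = '''
<file_acl: "ASU1">
<user: "Administrators">
acl_inheritance: "not inherited"
acl_apply: "This folder, subfolders and files"
acl_allow: "Full Control"
</user>
<user: "Users">
acl_inheritance: "not inherited"
acl_apply: "this folder only"
acl_allow: "list folder / read data" | "read attributes" | "read extended attributes" | "create files / write data" | "create folders / append data" | "write attributes" | "write extended attributes" | "read permissions"
</user>
</acl>
'''
if __name__ == "__main__":
    print(parse_file_acls(SAMPLE))
```

Running check() over an audit file before loading it into a scan catches the mistakes this syntax invites most often: a rights name that is not in either list, an acl_apply value that does not match a table entry exactly, a user entry that omits one of the two mandatory keywords, or two ACLs that share a name so a file permissions item cannot refer to either unambiguously. The icacls flags are a convenience for comparing an entry with what `icacls` prints on the target.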

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.