How PAM SC File Protection Works
Describes how PAM SC file protection works.
When the seosd daemon starts, it runs the UNIX stat command for each discrete file object that is defined in the database. The daemon then builds an in-memory table with an entry for each file object; for each discrete file, the entry also records the file's inode and device. With this information, Privileged Access Manager can also protect the hard links to the files, because protection is enforced by device and inode rather than by name. The database itself does not store the inode and device of a file.

When you create a file rule through Privileged Access Manager:

- If the file exists in UNIX, Privileged Access Manager first performs a stat command for the file. Then it adds an entry to the file table with the inode and device information of the file.
- If the file does not exist in UNIX, Privileged Access Manager adds an entry with the name of the file to the file table (without inode and device information). This entry is the same as the entry for a generic file object. At the same time, the kernel keeps an indication in its internal tables that this file must be checked for inode and device information when it is created. When the file is created, the kernel intercepts its creation and informs seosd of the file's inode and device information. The seosd daemon can then update the entry of the file in the file table.
When you delete a file, Privileged Access Manager deletes its entry in the seosd file table. The entry remains in the Privileged Access Manager database in case you create the file again.
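The following is an added illustration of the table behaviour described above (the startup stat, name-only entries for files that do not exist yet, and deletion); it is a toy model written for this page, not PAM SC code. Class and function names are hypothetical, and the files it creates in a temporary directory are constructed sample input.

```python
import os
import tempfile

class FileTable:
    # Toy model of the seosd in-memory file table; entries are keyed by (st_dev, st_ino).
    def __init__(self, rule_paths):
        self.pending = set()   # rules whose file did not exist at startup (name-only entries)
        self.by_key = {}       # (st_dev, st_ino) -> rule path
        for path in rule_paths:
            self.register(path)

    def register(self, path):
        # The stat done at daemon start, at rule creation, or when the kernel reports
        # that a file with a pending (name-only) entry has just been created.
        try:
            st = os.stat(path)
        except FileNotFoundError:
            self.pending.add(path)
            return
        self.pending.discard(path)
        self.by_key[(st.st_dev, st.st_ino)] = path

    def on_delete(self, path):
        # The table entry goes away; the rule itself would stay in the database.
        self.by_key = {k: p for k, p in self.by_key.items() if p != path}

    def rule_for(self, path):
        # Access check by device+inode, so a hard link resolves to the protected file's rule.
        try:
            st = os.stat(path)
        except FileNotFoundError:
            return None
        return self.by_key.get((st.st_dev, st.st_ino))

def demo():
    d = tempfile.mkdtemp()
    secret, later = os.path.join(d, "secret.conf"), os.path.join(d, "later.conf")
    open(secret, "w").close()                   # exists when the daemon starts
    table = FileTable([secret, later])          # 'later' has a rule but no file yet
    link = os.path.join(d, "alias")
    os.link(secret, link)                       # hard link to the protected file
    r = {"link_hits_rule": table.rule_for(link) == secret,
         "missing_is_pending": later in table.pending}
    open(later, "w").close()
    table.register(later)                       # kernel-intercepted creation updates the entry
    r["created_now_keyed"] = table.rule_for(later) == later
    os.remove(secret); table.on_delete(secret)  # deleting the file removes its table entry
    r["deleted_gone"] = table.rule_for(link) is None
    return r
```

Run demo() on a Linux or other UNIX system where hard links are permitted in the temporary directory; every value in the returned dictionary is True.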