Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

create_file_securely(3) [osf1 man page]

create_file_securely(3) 				     Library Functions Manual					   create_file_securely(3)

NAME

       create_file_securely - Create a file in the authentication database  (Enhanced Security)

LIBRARY

       Security library - libsecurity.so

SYNOPSIS

       #include <sys/security.h>
       #include <prot.h>

       int create_file_securely(
	    char *file,
	    int decibels,
	    char *purpose);

PARAMETERS

       *file  The file parameter is the pathname to create.

       decibels
	      The  decibels parameter is AUTH_SILENT, AUTH_LIMITED, or AUTH_VERBOSE.  Using AUTH_SILENT blocks signals.  The AUTH_LIMITED constant
	      allows a limited amount of dialog.  Using AUTH_VERBOSE specifies that the routine should try to wait until the file can  be  created
	      (up to 100 tries, 1 second apart).  The values for decibels are as follows:

       0   AUTH_SILENT

       1   AUTH_LIMITED

       2   AUTH_VERBOSE

       purpose
	    The purpose parameter is a tag for the audit log entry created by the audit daemon when a file cannot be created.

DESCRIPTION

       The  create_file_securely  routine  creates  a file as specified in the file control database, /etc/auth/system/files.  It is more flexible
       than coding the discretionary attributes of the file, and a further assurance that the file being created is in	accordance  with  security
       concerns.

       If  the	path to the file being created does not exist, create_file_securely attempts to create the path.  If each directory in the path is
       not defined in the file control database, create_file_securely fails and returns CFS_NO_FILE_CONTROL_ENTRY.

RETURN VALUES

       The create_file_securely routine returns the following values:

       0   CFS_GOOD_RETURN

       1   CFS_CAN_NOT_OPEN_FILE

       2   CFS_NO_FILE_CONTROL_ENTRY

       3   FS_CAN_NOT_CHG_MODE

       4   CFS_CAN_NOT_CHG_OWNER_GROUP

FILES

       The file control database.

RELATED INFORMATION

       Files: files(4) delim off

															   create_file_securely(3)

Check Out this Related Man Page

files(4)						     Kernel Interfaces Manual							  files(4)

NAME

       files - File control database  (Enhanced Security)

DESCRIPTION

       The  file  control  database  (/etc/auth/system/files)  is  designed  to  help  the Information System Security Officer (ISSO) maintain the
       integrity of the system. The database contains entries for system data files and executable files that  require	certain  attributes.  Some
       files  require  certain	attributes to provide protection against unauthorized access, while others require a specific set of attributes to
       accomplish their intended function.

       The database is used by the library routine create_file_securely() to determine the set of attributes for a newly created file.	Many  pro-
       grams  associated  with	the trusted computing base (TCB) use this library routine for file creation to ensure that file attributes are set
       correctly.

       A broad range of attributes can be specified in the file control database. Specific choices depend upon	the  exact  system  configuration.
       These choices are as follows: This field specifies the owner name for the entry. If an owner name is not specified and the entry is created
       using create_file_securely, the owner of the file will be the real user ID of the process creating the  file.   This  field  specifies  the
       group  name for the entry. If a group name is not specified and the entry is created using create_file_securely, the group of the file will
       be the real group ID of the process creating the file.  This field specifies the mode word for the entry. If the mode word is not specified
       and  create_file_securely is used to create the entry, a mode word of 0 (zero) is assigned to the new file.  This field identifies the type
       of the entry.  This field is not taken into account by create_file_securely when a file is being created. The  library  routine	will  only
       create  regular files.  Choices for the type field are as follows: Regular file Directory FIFO device (pipe) Character special device Block
       special device Socket

EXAMPLES

       The following example is a typical file control database entry for the program /sbin/newfs: /sbin/newfs:f_owner=root:f_group=bin:
	       :f_type=r:f_mode#04111:
	       :chkent: This entry specifies that the newfs program has bin as its owner and group, that it is a regular file, and that  its  mode
       is 0111

       The   following	 example   shows   an	entry	for   a   site-specific   directory   that   contains	help  files  for  an  application:
       /appl/help_files:f_owner=appadmin:f_group=appl:       :f_type=d:f_mode#0750:	    :chkent;  This  entry  specifies  the  owner  of   the
       /appl/help_files directory as appadmin, the group as appl, and the mode as 0750.

FILES

       Specifies the pathname of the file control database.

RELATED INFORMATION

       Functions: getprfient(3)

       Files: authcap(4) delim off

																	  files(4)
Man Page