
cmdprivadm(1M)															    cmdprivadm(1M)

NAME
       cmdprivadm - noninteractive editing of a command's authorization and privilege information in the privrun database

SYNOPSIS

DESCRIPTION
       cmdprivadm is a noninteractive command that allows a user with the appropriate permission to add or delete a command and
       its privileges in the Role-Based Access Control (RBAC) database.  See privrun(1M) for more details on this file.

       When adding a line to the database, cmdprivadm sets fields that are not specified to a default value.  When deleting a
       line, the lines matching all the given pairs will be deleted.  That is, if all fields specified match, the entry will be
       deleted.

              Appends a line as specified in pairs in the file.

              Deletes a line as specified in pairs from the file.

       HP recommends that only the and commands be used to edit and view the RBAC databases; do not edit the RBAC files
       directly.  See rbac(5) for information on the RBAC databases.

   Options
       The following options are valid pairs for cmdprivadm:

              command should include the full path name of the command.  There can be one or more arguments following the
              command.

              filename should specify the full path name of a file.

              Specifies the operation.

              Specifies the object.

              Specifies the real user ID (ruid).

              Specifies the effective user ID (euid).

              Specifies the real group ID (rgid).

              Specifies the effective group ID (egid).

              Specifies the compartment.

              Specifies the privileges.

              Specifies the PAM service name to reauthenticate under.  See pam.conf(4) for a list of PAM services.

              Specifies the flags.

       Note: You must enclose values that contain the space character, or any characters that may be interpreted by the shell,
       with single quotes.  For example, if the command has one or more arguments, enclose them with single quotes:

   Authorizations
       In order to invoke cmdprivadm the user must either be root (running with an effective UID of 0), or have the appropriate
       authorizations.  The following is a list of the required authorizations for running cmdprivadm with particular options:

              Allows the user to run cmdprivadm with options.

              Allows the user to run cmdprivadm with options.

EXTERNAL INFLUENCES
   Environment Variables
       determines the language in which messages are displayed.

   International Code Set Support
       Single-byte character code set is supported.

RETURN VALUE
       Upon completion, cmdprivadm returns one of the following values:

              Success.

              Failure.  An appropriate error message is printed on standard error.

EXAMPLES
       The following commands add entries into the file:

       The following commands delete entries from the file:

FILES
       Database containing valid definitions of all roles.

       Database containing definitions of all valid authorizations.

       Database specifying the roles allowed for each specified user.

       Database defining the authorizations for each specified role.

       Database containing the authorization to execute specified commands, and the privileges to alter UID and GID for
       command execution.

SEE ALSO
       authadm(1M), privrun(1M), rbacdbchk(1M), roleadm(1M), rbac(5).

privrun(1M)															       privrun(1M)

NAME
       privrun - invoke another application with privileges after performing appropriate authorization checks and optionally
       reauthenticating the user

SYNOPSIS
       authorization] compartment] [gid|groupname]] [gid|groupname]] privileges] [uid|username]] [uid|username]] command [args]

DESCRIPTION
       privrun allows a user to run legacy applications with elevated privileges according to the authorizations associated
       with that user.  The user invokes privrun specifying the legacy application as command line arguments.  privrun consults
       the database to determine which authorization is required to run the command with additional privileges.  (The
       authorization is specified as an operation and a target object.)  If the user has the necessary authorization, privrun
       invokes the specified command after changing its UID and/or GID as specified in the database.  privrun also allows a
       command to be run with a specified set of fine-grained privileges, and/or in a specified compartment.

       The method used to determine whether the user has the necessary authorization is configurable by the system
       administrator.  A module is provided to associate a fixed set of authorizations with the user based on the user's role.
       See rbac(5) for more information.

   Options
       privrun recognizes the following options:

              Match only those entries requiring the specified authorization.  authorization is defined as pairs in the
              database.  The specified authorization must exactly match the authorization present in the file (that is,
              wildcarding is not supported).

              Matches the specified compartment in the database.  The specified compartment must exactly match the compartment
              present in the file.

              Match only those entries containing the effective group ID (EGID) corresponding to the specified EGID or the EGID
              associated with the group name.

              Match only those entries containing the real group ID (RGID) corresponding to the specified RGID or the RGID
              associated with the group name.

              Prints usage or help.

              Matches the specified privileges to the privileges in the database.  When specifying multiple privileges, separate
              each privilege with a comma.  Any privileges specified with this option must have a match in the database.

              Check to see if the user has the authorization to execute the command and inform the user of the results.  The
              command will not be invoked.

              Match only those entries containing the effective user ID (EUID) corresponding to the specified EUID or the EUID
              associated with the user name.

              Match only those entries containing the real user ID (RUID) corresponding to the specified RUID or the RUID
              associated with the user name.

              Invoke privrun in verbose mode.  The verbose level will be increased if two options are specified.  An increased
              verbose level will print more information.

              If the authorization check fails, the program will still be executed with the original caller's privileges only.

   Operands
       privrun recognizes the following operands:

              command [args]
                     The HP-UX command to run.  command must be fully qualified.  If it is not, then privrun will use the
                     current working directory and the environment variable to determine the desired command.  args specifies
                     any argument that the command recognizes.

   The cmd_priv Database
       The file contains information on which authorizations are required to execute each command binary, or edit each file.
       It also has the resulting privileges (real and effective UID and GID, fine-grained privileges, compartment) associated
       with the binary.  If the user is required to reauthenticate prior to successful authorization, a PAM service name is
       specified in this file and indicates how privrun should identify itself to PAM.  See pam.conf(4) for more detailed
       information.

       The file contains any number of entries, where each entry is specified on a single line in the following format:

              {command|file}

       These fields are defined as follows:

       Field               Description

       command|file        For privrun, the fully qualified path of the command being wrapped to provide additional privileges.
                           For privedit, the fully qualified path of a file to edit.  This field may contain wildcards as
                           defined in fnmatch(3C).

       arguments           The exact set of arguments (matched as a string) the user must invoke.  If this field is empty, the
                           command may not be invoked with any arguments.  If this field contains the keyword the specified
                           command may be invoked with any arguments.  This field is only used by privrun and ignored by
                           privedit.

       operation, object   The operation the user is required to have on the object specified.  Together, the operation and
                           object form the authorization.  operation must be fully qualified and cannot contain a wild card.
                           An entry of in object requires that the user has the specified operation on all objects.  (Note:
                           This is satisfied by a specification of in the database if RBAC is in use.)  This field may contain
                           the keyword instead of which indicates that no access check is required and the command is invoked
                           with privilege for any user.

       Real/Effective      Part of the privileges granted to the wrapped command (process) if the user has the specified
       UID/GID             authorization.  If any of these fields are specified, privrun calls or before invoking the command.
                           These fields can also be specified by name, in which case a conversion will be performed at
                           invocation time.  This field is only used by privrun and ignored by privedit.  The UID and GID
                           specifications in this field are optional.  No ID present indicates the field is to remain
                           unchanged; however, the slash characters separating the IDs must remain.

       compartment         Compartment to invoke the application in.  A compartment is an attribute associated with a process
                           to compartmentalize different OS processes.  If compartments are not enabled on the system, this
                           field should be set to An error may occur if this field is left empty.  Refer to compartments(5)
                           for more information on compartments.  This field is only used by privrun and ignored by privedit.

       privs               Fine-grained privileges to be associated with the command at invocation.  These privileges may be
                           used in lieu of to perform specific kernel operations.  If the field is set to basic privileges will
                           be granted to the process.  Refer to privileges(5) for more detailed information.  This field is
                           only used by privrun and ignored by privedit.

       pam-service         Reauthentication service.  If specified, the user will be reauthenticated.  The command will
                           identify itself to PAM as the service indicated in this field.  This allows the security officer to
                           require an additional set of restrictions for particular commands.  See pam.conf(4) for a list of
                           PAM services.  The keyword must be used to indicate that no reauthentication is required.

       flags               This field is used by both privrun and privedit.  In privrun there is only one defined flag.  If the
                           flag is set to then none of the environment variables will be scrubbed.  For the flag usage in
                           privedit, please see privedit(1M) for more details.  is expected to appear in this field for the
                           command.

       White space between each field and immediately surrounding the colon field separator is optional and ignored by the
       command.

       There can be multiple entries in the database with the same command line, but requiring different authorizations and
       resulting in different privileges.  privrun evaluates each entry in the order specified in the file, continuing on to
       the next only if the user does not have the required authorization.  If you want to match a particular entry, use the
       privrun command options to specify the set of privileges for the desired entry.

EXTERNAL INFLUENCES
   Environment Variables
       determines the language in which messages are displayed.

   International Code Set Support
       Single-byte character code set is supported.

RETURN VALUE
       Success   If privrun permitted the user to execute the program, then the return value from privrun will be the return
                 value of the program executed.

       Failure   privrun returns a value of and an appropriate error message will be printed to stderr.

EXAMPLES
       Example 1

       In the following example, the caller invokes privrun to execute the command, with as the argument to the command.
       privrun examines the database for an entry corresponding to the command If this entry is found, then the necessary
       authorization is retrieved from that entry.  privrun invokes the command if the user has the necessary authorization.

       In the following example, the caller wants to change the UID of the calling process to 28, change the GID of the calling
       process to other, and execute the command If an entry exists for the command with the associated EUID set to 28, and the
       EGID set to the EGID corresponding to the group name the usual authorization and invocation process occurs.  If this
       entry does not exist (even if an entry for appears with different associated privileges (EUID/EGID)), the command fails
       and prints an error message.

       Example 2

       In the following example, the caller wants to execute the command within compartment If an entry exists for the command
       with the compartment specified as then the command will be executed in the compartment.  If this entry does not exist
       (even if an entry for appears with a different compartment specification), the command fails and prints an error
       message.

FILES
       Database containing valid definitions of all roles.

       Database containing definitions of all valid authorizations.

       Database specifying the roles for each specified user.

       Database defining the authorizations for each role.

       Database defining the authorization information needed to execute commands and edit files under access control.

SEE ALSO
       authadm(1M), cmdprivadm(1M), cmpt_tune(1M), rbacdbchk(1M), roleadm(1M), compartments(5), privileges(5), rbac(5).
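The following is an added, constructed model of the cmd_priv entry format described under "The cmd_priv Database" and of the entry-selection rules illustrated in EXAMPLES; it is not HP-UX code and the man page shows neither the real keyword spellings nor the exact on-disk syntax. The placeholder strings ANY_ARGS, ALL_OBJECTS and NO_CHECK, the "(operation,object)" spelling of the authorization pair, and the sample database lines are all assumptions made for the example. It shows the points a practitioner reviewing such a database cares about: entries are evaluated in file order and an entry is passed over only when the user lacks its authorization, an empty arguments field forbids arguments while the any-arguments keyword permits all, an all-objects entry is satisfied only by an all-objects grant, and caller-requested EUID/EGID/compartment values must match the entry exactly (Example 1 and Example 2) or the command is refused even though another entry for the same command exists.

```python
# Toy model of how privrun selects a cmd_priv entry (added example, not HP-UX code).
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

# Constructed placeholders: the man page does not show the real keyword spellings.
ANY_ARGS = "<any>"      # stands in for the "any arguments" keyword
ALL_OBJECTS = "*"       # stands in for the "all objects" object entry
NO_CHECK = "<nocheck>"  # stands in for the "no access check required" keyword


@dataclass
class Entry:
    target: str                 # fully qualified command, or a file pattern with fnmatch wildcards
    arguments: str              # exact argument string; "" means no arguments allowed
    operation: str
    obj: str
    ruid: Optional[str]
    euid: Optional[str]
    rgid: Optional[str]
    egid: Optional[str]
    compartment: str
    privs: str
    pam_service: str
    flags: str


def parse_entry(line: str) -> Entry:
    """Parse one colon-separated line; whitespace around ':' is optional and ignored, as the
    man page states.  The '(operation,object)' spelling of the authorization is an assumption."""
    fields = [f.strip() for f in line.split(":")]
    if len(fields) != 8:
        raise ValueError(f"expected 8 fields, got {len(fields)}: {line!r}")
    target, args, auth, ids, cmpt, privs, pam, flags = fields
    op, obj = (s.strip() for s in auth.strip("()").split(",", 1))
    id_parts = ids.split("/")
    if len(id_parts) != 4:  # IDs may be omitted, but the three slashes must remain
        raise ValueError(f"UID/GID field needs three slashes: {ids!r}")
    ruid, euid, rgid, egid = (p or None for p in id_parts)  # None = leave unchanged
    return Entry(target, args, op, obj, ruid, euid, rgid, egid, cmpt, privs, pam, flags)


def has_authorization(granted: set, operation: str, obj: str) -> bool:
    """granted: (operation, object) pairs the user holds through roles.  The operation must
    match exactly; an all-objects entry is satisfied only by an all-objects grant."""
    if operation == NO_CHECK:
        return True
    if (operation, ALL_OBJECTS) in granted:
        return True
    return obj != ALL_OBJECTS and (operation, obj) in granted


def select_entry(db, command: str, args: str, granted: set, want: Optional[dict] = None):
    """Walk entries in file order; move on to the next entry only when the user lacks the
    authorization.  `want` holds caller-requested privileges (the EUID/EGID/compartment option
    filters), which must match the entry exactly or the entry is skipped."""
    for e in db:
        if not fnmatchcase(command, e.target):   # plain paths match exactly; wildcards are for file patterns
            continue
        if e.arguments != ANY_ARGS and e.arguments != args:
            continue
        if want and any(getattr(e, k) != v for k, v in want.items()):
            continue
        if has_authorization(granted, e.operation, e.obj):
            return e
    return None


# Constructed sample database (not taken from any HP-UX system).
SAMPLE_CMD_PRIV = """\
/usr/bin/kill   : 1234  : (hpux.process.kill, *)      : 0/0//      : <none> : <none> : <none> : <none>
/usr/bin/kill   : <any> : (hpux.process.kill.any, *)  : /28//other : <none> : <none> : <none> : <none>
/etc/ifconfig.* :       : (hpux.network.edit, config) : /0//       : <none> : <none> : <none> : <none>
"""

DB = [parse_entry(line) for line in SAMPLE_CMD_PRIV.splitlines() if line.strip()]

if __name__ == "__main__":
    user = {("hpux.process.kill", ALL_OBJECTS)}
    hit = select_entry(DB, "/usr/bin/kill", "1234", user)
    print("matched entry with EUID:", hit.euid if hit else None)
```

With the constructed sample, a user holding only the kill authorization on all objects matches the first line for `/usr/bin/kill 1234`, but not for any other argument string, because the second line requires a different authorization; asking for EUID 28 and EGID other selects the second line, while asking for EUID 0 with the same arguments is refused, which is the behaviour Example 1 describes.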