hpux man page for privedit


privedit(1M)                                                      privedit(1M)

NAME
privedit - let authorized users edit files that are under access control
SYNOPSIS
authorization] file
DESCRIPTION
privedit allows authorized users to edit files that are otherwise restricted by permissions or access control lists. Identify which file to edit by specifying the file name as an argument to the command. After you invoke the command, privedit checks the database to determine the authorization required to edit the file. If you have the necessary authorization, privedit invokes the specified editor to edit the file.

You can specify which editor privedit uses to edit the file by setting the environment variable. If you do not set the variable, privedit uses the default editor. You cannot pass arguments to the editor via the command line. However, the editor recognizes and supports editor-specific environment variables if you set them before invoking privedit.

You can use a fully qualified file name as an argument to identify which file to edit. If you do not use a fully qualified file name, privedit adds the current working directory to the beginning of the file name you specify. Regardless of how you specify the file to edit, all file names are fully qualified after invoking privedit. The command also recognizes and supports files that are symbolic links.

privedit can edit only one file at a time. If you specify multiple file names as arguments, privedit edits the first file specified and ignores the subsequent file names.

The HP-UX RBAC feature also provides the ability to customize how the commands check user authorizations. (See privrun(1M).) The Access Control Policy Switch (ACPS) module of HP-UX RBAC provides responses to applications that must make authorization decisions. The ACPS configuration file controls which modules are consulted for making access decisions, the sequence in which the modules are consulted, and the rules for combining module responses to return results to applications. See acps.conf(4), acps(3) and rbac(5) for more information.

Options
privedit recognizes the following options:

    Match only those entries requiring the specified authorization. The specified authorization must exactly match the authorization present in the database (that is, no wildcards allowed).

    Print usage or help.

    Check to see if the user has the authorization to edit the file and inform the user of the results.

    If the authorization check fails, edit the file with the caller's original privileges.

    Invoke privedit in verbose mode.

Operands
privedit recognizes the following operands:

    file    File to edit.

The cmd_priv Database
As described in privrun(1M), the cmd_priv file contains information indicating which authorizations are required to execute commands or edit files. You can also specify a PAM service name in cmd_priv to indicate how privedit should identify itself to PAM if a user must be reauthenticated.

The file contains any number of entries, where each entry is specified on a single line in the following format:

    {command|file}

These fields are defined as follows:

    command | file
        For privedit, the fully qualified path of a file to edit. This field may contain wildcards as defined in fnmatch(3C). For privrun, the fully qualified path of the command that is being wrapped to provide additional privilege.

    arguments
        Ignored. (Used only by privrun.)

    operation, object
        The operation the user is required to have on the object specified. Together, the operation and object form the authorization. The operation must be fully qualified and cannot contain a wild card. A wild card in object requires that the user has the specified operation on all objects. (Note: this is satisfied by a specification of a wild card in the database if RBAC is in use.) This field may contain a keyword instead of an authorization, which indicates that no access check is required and the file can be edited with privilege by any user.

    uid/gid
        Ignored. (Used only by privrun.)

    compartment
        Ignored. (Used only by privrun.)

    privs
        Ignored. (Used only by privrun for privileges.)

    pam-service
        Reauthentication service. If specified, the user is required to reauthenticate. The command identifies itself to PAM as the service indicated in this field. This allows the security officer to require an additional set of authentication/account management restrictions for particular files for editing. See pam.conf(4) for a list of PAM services. The keyword must be used to indicate that no reauthorization is required.

    flags
        Flag values can be specified to indicate whether or not privedit can edit a file. Additional flag values can be specified to indicate whether privrun can execute a command. The specific values allowed are as follows:

            The file can be both edited and executed. This is mainly intended for scripts.

            The file cannot be executed. It can only be edited.

            any other token or empty (nothing after the last ":")
                The file is a command that can be executed only. It cannot be edited.

The Authorization field can contain the keyword described above instead of an operation and object, which indicates that no access check is required and the command is invoked with privilege for any user. The UID and GID entry in field 4 is ignored by privedit, but the slash character separating the IDs must remain. The pam service name in field 7 may also be the no-reauthentication keyword, which indicates reauthentication is not required. White space between each field (immediately surrounding the field separator) in this database is optional and ignored by privedit.

There may be multiple entries with the same file line (but different authorization required). privedit evaluates each entry in the order specified in the file, continuing on to the next only if the user does not have the required authorization. The option described above allows users to identify a specific authorization to match or find when multiple entries for the same file exist in the database.
EXTERNAL INFLUENCES
Environment Variables
    One environment variable specifies the default editor. Another determines the language in which messages are displayed.

International Code Set Support
    Single-byte character code set is supported.
RETURN VALUE
Success
    If privedit permitted the user to edit the file, then the return value from privedit is the return value of the editor used to edit the file.

Failure
    privedit returns an error value and an appropriate error message is printed to standard error.
EXAMPLES
Example 1
    In the following example, the caller invokes privedit to edit a file. The database is examined for an entry corresponding to the file. If this entry is found, then the necessary authorization is retrieved from that entry. privedit then determines whether the user has the necessary authorization and whether the file is allowed to be edited, as determined by the value in the flag field. privedit then invokes the editor to edit a copy of the file, as the original file is never edited directly. The environment variable determines which editor privedit invokes. If a user does not set the environment variable, privedit uses the default editor. After the user exits the editor, the edited file replaces the original file. The editor is always invoked as the regular user so that there are no additional privileges given to the user while the file is being edited.

Example 2
    In the next example, the caller wants to edit the file with a specific authorization. If a cmd_priv entry exists for the file with the associated authorization and editing is allowed per the flag field, then the usual authorization/edit process takes place. If this entry does not exist (even if an entry for the file appears with a different associated authorization), then privedit fails and prints an error message.
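The entry-selection rules in "The cmd_priv Database" and the two examples above can be followed more easily against a small model. The Python below is an added illustration, not HP-UX code: it assumes a colon-separated eight-field layout in the field order the page numbers (file, arguments, authorization, uid/gid, compartment, privs, pam-service, flags), assumes the authorization is written as "operation,object", and uses clearly marked placeholder strings for the no-check keyword, the no-reauthentication keyword and the two editability flags, because the page does not reproduce the real tokens. It demonstrates the behaviour the page does state: fnmatch wildcards in the file field, prefixing the working directory to a non-qualified name, walking entries in file order and moving on only when the user lacks the authorization, the exact-match authorization option, the execute-only meaning of an empty flag field, and the uid/gid slash that must remain even though the values are ignored.

```python
from __future__ import annotations
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional
import posixpath

# Placeholder tokens (constructed for this example; not the real HP-UX keywords).
NO_CHECK_KW = "NOCHECK-PLACEHOLDER"      # authorization field: no access check needed
NO_REAUTH_KW = "NOREAUTH-PLACEHOLDER"    # pam-service field: no reauthentication
ALL_OBJECTS = "*"                        # object value meaning "all objects" (assumed)
FLAG_EDIT_EXEC = "EDITEXEC-PLACEHOLDER"  # file may be both edited and executed
FLAG_EDIT_ONLY = "EDITONLY-PLACEHOLDER"  # file may be edited, never executed


@dataclass(frozen=True)
class Entry:
    path_pattern: str   # field 1: fully qualified path, fnmatch wildcards allowed
    operation: str      # field 3: operation half of the authorization
    obj: str            # field 3: object half of the authorization
    pam_service: str    # field 7: reauthentication service or NO_REAUTH_KW
    flags: str          # field 8: editability flags
    no_check: bool      # field 3 held NO_CHECK_KW

    @property
    def editable(self) -> bool:
        # Any other token, or an empty flag field, means execute-only: not editable.
        return self.flags in (FLAG_EDIT_EXEC, FLAG_EDIT_ONLY)


def parse_cmd_priv(text: str) -> list[Entry]:
    """One entry per line, eight colon-separated fields (assumed layout):
    file:arguments:authorization:uid/gid:compartment:privs:pam-service:flags.
    Whitespace around the separators is optional and ignored."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 8:
            raise ValueError(f"line {lineno}: expected 8 fields, got {len(fields)}")
        path, _args, auth, ugid, _compartment, _privs, pam, flags = fields
        if not path.startswith("/"):
            raise ValueError(f"line {lineno}: file must be fully qualified")
        if "/" not in ugid:  # values are ignored, but the separating slash must remain
            raise ValueError(f"line {lineno}: uid/gid field must keep its '/'")
        if auth == NO_CHECK_KW:
            op, obj, no_check = "", "", True
        else:
            op, sep, obj = auth.partition(",")  # "operation,object" (assumed separator)
            if not sep or "*" in op:
                raise ValueError(f"line {lineno}: operation must be fully qualified")
            no_check = False
        entries.append(Entry(path, op, obj, pam, flags, no_check))
    return entries


def qualify(name: str, cwd: str) -> str:
    """privedit prefixes the working directory to a name that is not fully qualified."""
    return name if name.startswith("/") else posixpath.join(cwd, name)


def user_has(user_auths: set[tuple[str, str]], op: str, obj: str) -> bool:
    """An entry whose object is ALL_OBJECTS needs the operation on all objects; a user
    holding (op, ALL_OBJECTS) satisfies any object for that operation (assumed RBAC rule)."""
    if obj == ALL_OBJECTS:
        return (op, ALL_OBJECTS) in user_auths
    return (op, obj) in user_auths or (op, ALL_OBJECTS) in user_auths


def decide(entries: list[Entry], name: str, cwd: str, user_auths: set[tuple[str, str]],
           wanted: Optional[tuple[str, str]] = None) -> tuple[bool, str, str]:
    """Walk the database in file order; return (allowed, qualified_path, reason).
    `wanted` models the option that restricts matching to one exact authorization."""
    path = qualify(name, cwd)
    seen = False
    for e in entries:
        if not fnmatchcase(path, e.path_pattern):
            continue
        if wanted is not None and (e.operation, e.obj) != wanted:
            continue                      # exact match only, no wildcards
        seen = True
        if not e.no_check and not user_has(user_auths, e.operation, e.obj):
            continue                      # lacking authorization: try the next entry
        if not e.editable:
            return False, path, "matching entry is execute-only"
        if e.pam_service == NO_REAUTH_KW:
            return True, path, "no reauthentication"
        return True, path, f"reauthenticate via PAM service {e.pam_service!r}"
    return False, path, "no matching entry" if not seen else "user lacks required authorization"


# Constructed sample database (placeholder keywords, not a real HP-UX policy).
SAMPLE_DB = f"""
# file : args : authorization : uid/gid : compartment : privs : pam-service : flags
/etc/opt/app/*.conf : * : app.config,appsvc : 0/0 : * : * : {NO_REAUTH_KW} : {FLAG_EDIT_ONLY}
/etc/hosts : * : net.admin,{ALL_OBJECTS} : 0/0 : * : * : {NO_REAUTH_KW} :
/etc/hosts : * : sys.admin,{ALL_OBJECTS} : 0/0 : * : * : reauth-svc : {FLAG_EDIT_ONLY}
/usr/local/bin/deploy.sh : * : {NO_CHECK_KW} : 0/0 : * : * : {NO_REAUTH_KW} : {FLAG_EDIT_EXEC}
"""

if __name__ == "__main__":
    db = parse_cmd_priv(SAMPLE_DB)
    print(decide(db, "app.conf", "/etc/opt/app", {("app.config", "appsvc")}))
    print(decide(db, "/etc/hosts", "/", {("net.admin", "*")}))      # execute-only entry
    print(decide(db, "/etc/hosts", "/", {("sys.admin", "*")}))      # second entry, reauth
    print(decide(db, "/etc/hosts", "/", set(), wanted=("sys.admin", "hosts")))
```

The two /etc/hosts lines show why entry order matters: a user holding net.admin is stopped by the first, execute-only entry, while a user holding only sys.admin skips it (no authorization) and reaches the editable second entry that demands reauthentication. Asking for an exact authorization that no entry carries yields "no matching entry", which is the failure Example 2 describes.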
FILES
    Database containing valid definitions of all roles.
    Database containing definitions of all valid authorizations.
    Database specifying the roles for each specified user.
    Database defining the authorizations for each role.
    Database that contains the authorization to execute or edit specified commands or files, and the privileges to alter UID and GID for command execution.
SEE ALSO
privrun(1M), rbacdbchk(1M), acps(3), acps.conf(4), rbac(5).