getfilexsec(1m) [hpux man page]

getfilexsec(1M) 														   getfilexsec(1M)

NAME
getfilexsec - display security attributes of binary executable(s)

SYNOPSIS
filename...

DESCRIPTION
The command displays various extended security attributes associated with binary executable files. These attributes include retained privileges, permitted privileges, and compartment and security attribute flags. See privileges(5) and exec(2).

Options
The command supports the following options:

Displays the compartment name of the file(s).
Displays security attribute flags. The only currently defined flag is the privilege start flag.
Displays the minimum permitted privileges.
Displays the maximum permitted privileges.
Displays the minimum retained privileges.
Displays the maximum retained privileges.

If no options are specified, all extended security attributes of the binary file(s) are displayed.

Operands
getfilexsec supports the following operand:

filename
Binary executable file. All file names given as arguments must be binary executables. Files of other types (for example, script executables, text files, and so on) are not permitted.

Security Restrictions
The user invoking this command must be able to open the directory in which the binary executable files are present.

RETURN VALUE
getfilexsec returns the following values:

Successful completion. The attributes are displayed.
An error occurs. An error can be caused by an invalid option or inadequate permissions to perform the operation.

EXAMPLES
Example 1: Display the maximum permitted privileges and privilege-aware flag of binary executable file

Sample output:

    /web/java:
        Flag: start_nil
        PermittedMaxPrivileges: CMPTREAD, CMPTWRITE

SEE ALSO
setfilexsec(1M), exec(2), compartments(5), privileges(5).

getfilexsec(1M)
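An added example, not part of the man page: a POSIX shell audit that reads getfilexsec-style output and reports every binary whose PermittedMaxPrivileges includes a privilege outside an allow list. The function names `audit_xsec` and `sample_report` are hypothetical, the layout (a `path:` header line followed by one `Label: value` line per attribute) is an assumption based on the sample output above, and the second record in the sample is constructed.

```shell
#!/bin/sh
# Added example: audit parser for getfilexsec-style output.
# Assumed layout: a "path:" header line, then one "Label: value" line
# per attribute (labels taken from the man page's sample output).

# audit_xsec ALLOWED < report
# ALLOWED is a comma-separated list of privileges a binary may be permitted.
# Prints "path<TAB>privilege" for each PermittedMaxPrivileges entry that is
# not in ALLOWED. Exit status is 1 if anything was reported, else 0.
audit_xsec() {
    awk -v allowed="$1" '
    BEGIN {
        n = split(allowed, a, ",")
        for (i = 1; i <= n; i++) { gsub(/[ \t]/, "", a[i]); ok[a[i]] = 1 }
    }
    # Header line such as "/web/java:" starts a new file record.
    /^\/.*:[ \t]*$/ { file = $0; sub(/:[ \t]*$/, "", file); next }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (index(line, "PermittedMaxPrivileges:") != 1) next
        sub(/^PermittedMaxPrivileges:[ \t]*/, "", line)
        m = split(line, p, ",")
        for (i = 1; i <= m; i++) {
            gsub(/[ \t]/, "", p[i])
            if (p[i] != "" && !(p[i] in ok)) { print file "\t" p[i]; bad = 1 }
        }
    }
    END { exit bad + 0 }
    '
}

# Constructed sample: the first record is the sample output from the page,
# the second record (/opt/app/helper with CHOWN) is made up for the demo.
sample_report() {
    cat <<'EOF'
/web/java:
    Flag: start_nil
    PermittedMaxPrivileges: CMPTREAD, CMPTWRITE
/opt/app/helper:
    Flag: start_nil
    PermittedMaxPrivileges: CMPTREAD, CHOWN
EOF
}

# Report anything beyond the two compartment privileges.
sample_report | audit_xsec "CMPTREAD,CMPTWRITE" || true
```

On a real system the report would come from running the command over the binaries under review instead of `sample_report`; confirm the actual output layout first, since the parser depends on it.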

getrules(1M)															      getrules(1M)

NAME
getrules - display compartment rules

SYNOPSIS
[compartment_name]... interface_name[...] ipaddr/mask[...] [interface_name...] [IPaddress...]

DESCRIPTION
getrules displays rules defined for compartment(s) or network interface(s). This command can only be used when compartmentalization is enabled (see cmpt_tune(1M)). If no options are specified, all subsystem rules for the given compartment are displayed. If no compartment_name is specified, information on all compartments is displayed.

Options
getrules recognizes the following options:

Displays all the compartments configured on the system.
Displays the file system rules for the compartment(s).
Displays the IPC system rules for the compartment(s).
Displays the compartment names associated with the interface(s) and the IP address/mask as set by a previous invocation of Either the interface_name or the ipaddr/mask must be specified. More than one interface_name and/or IPaddress can be specified.
Displays the compartment names associated with the logical interface(s) and the IP addresses as applied by the kernel. When interface rules conflict with each other, this option can be used to find how the conflicts are resolved. If no arguments are specified, information about all currently active interfaces is displayed.
Displays the network system rules for the compartment(s).
Displays all the interface rules being applied by the kernel on the specified compartment(s). If no compartment name is specified, all the interface rules being applied by the kernel on all the existing compartments will be displayed.
Displays the disallowed privileges list in short form for compartment(s). The short form includes compound privileges in the privilege list.
Displays the disallowed privileges list in literal form for compartment(s). The literal form expands compound privileges in the privilege list.
Displays all the compartment rules of the specified compartment(s) in the machine parsable format.

Using the "" or "" command is useful when used in combination with discover mode. See compartments(5).

Operands
getrules recognizes the following operands:

compartment_name
Name of the compartment for which information is displayed.

interface_name
Name of the network interface for which information is displayed.

IPaddress
An IPv4 or IPv6 address.

ipaddr/mask
An IPv4 address or an IPv6 address and the corresponding mask.

Notes
The command is provided for diagnostic purposes, and as such the output of the command may change.

Some rules can be expressed in multiple forms. For instance, specifying that it can send a signal to is the same as specifying that it can receive signals from As this command displays the rules only once, it can be misleading when interpreting the output.

Security Restrictions
The user invoking this command must have one of the following authorizations: See authadm(1M).

RETURN VALUE
getrules returns the following values:

Successful completion. The rules are displayed.
An error occurred. An error can be caused by an invalid option or because the user does not have permissions to perform the operation.

EXAMPLES
Example: Display all file system rules for the compartment named web:

Sample output:

    Compartment Name: web : sealed
    Disallowed Privileges: POLICY
    File System Rules:
    ------------------
    PERMISSION                     PATHNAME
    read, write, create, unlink    /

SEE ALSO
cmpt_tune(1M), setrules(1M), compartments(4), compartments(5), privileges(5).

getrules(1M)