Unix/Linux Go Back    

OpenSolaris 2009.06 - man page for exec_attr (opensolaris section 4)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

exec_attr(4)				   File Formats 			     exec_attr(4)

       exec_attr - execution profiles database


       /etc/security/exec_attr	is a local database that specifies the execution attributes asso-
       ciated with profiles. The exec_attr file can be used with other sources for execution pro-
       files,  including  the  exec_attr  NIS  map  and  NIS+  table.  Programs  use  the getexe-
       cattr(3SECDB) routines to access this information.

       The search order for multiple execution profile sources	is  specified  in  the	/etc/nss-
       witch.conf  file,  as described in the nsswitch.conf(4) man page. The search order follows
       the entry for prof_attr(4).

       A profile is a logical grouping of authorizations and commands that is  interpreted  by	a
       profile	shell  to form a secure execution environment. The shells that interpret profiles
       are pfcsh, pfksh, and pfsh. See the pfsh(1) man page. Each user's account is assigned zero
       or more profiles in the user_attr(4) database file.

       Each  entry in the exec_attr database consists of one line of text containing seven fields
       separated by colons (:). Line continuations using the backslash (\fR) character	are  per-
       mitted. The basic format of each entry is:


       name	 The name of the profile. Profile names are case-sensitive.

       policy	 The  security	policy that is associated with the profile entry. The valid poli-
		 cies are suser (standard Solaris superuser) and solaris. The solaris policy rec-
		 ognizes privileges (see privileges(5)); the suser policy does not.

		 The  solaris  and  suser policies can coexist in the same exec_attr database, so
		 that Solaris releases prior to the current release can use the suser policy  and
		 the  current  Solaris release can use a solaris policy. solaris is a superset of
		 suser; it allows you to specify privileges in addition to  UIDs.  Policies  that
		 are specific to the current release of Solaris or that contain privileges should
		 use solaris. Policies that use UIDs only or that are not specific to the current
		 Solaris release should use suser.

       type	 The  type  of	object defined in the profile. There are two valid types: cmd and
		 act. The cmd type specifies that the ID field is a command that  would  be  exe-
		 cuted	by  a  shell.  The act type is available only if the system is configured
		 with Trusted Extensions. It specifies that the ID field is  a	CDE  action  that
		 should be executed by the Trusted Extensions CDE action mechanism.

       res1	 Reserved for future use.

       res2	 Reserved for future use.

       id	 A  string  that  uniquely  identifies the object described by the profile. For a
		 profile of type cmd, the id is either the full path to the command or the aster-
		 isk  (*)  symbol, which is used to allow all commands. An asterisk that replaces
		 the filename component in a pathname indicates all files in a particular  direc-

		 To  specify arguments, the pathname should point to a shell script that is writ-
		 ten to execute the command with the desired argument. In  a  Bourne  shell,  the
		 effective  UID is reset to the real UID of the process when the effective UID is
		 less than 100 and not equal to the real UID. Depending on the euid and egid val-
		 ues, Bourne shell limitations might make other shells preferable. To prevent the
		 effective UIDs from being reset to real UIDs, you can start the script with  the
		 -p option.

		   #!/bin/sh -p

		 If  the  Trusted  Extensions feature is configured and the profile entry type is
		 act, the id is either the fully qualified name of a CDE action, or  an  asterisk
		 (*) representing a wildcard. A fully qualified CDE action is specified using the
		 action name and four additional semicolon-separated fields. These fields can  be
		 empty	but  the  semicolons are required. The fields in a CDE action are as fol-

		 argclass    Specifies the argument class (for example, FILE or SESSION.)  Corre-
			     sponds to ARG_CLASS for CDE actions.

		 argtype     Specifies	the  data  type for the argument. Corresponds to ARG_TYPE
			     for CDE actions.

		 argmode     Specifies the read or write mode for the  argument.  Corresponds  to
			     ARG_MODE for CDE actions.

		 argcount    Specifies the number of arguments that the action can accept. Corre-
			     sponds to ARG_COUNT for CDE actions.

       attr	 An optional list of semicolon-separated (;) key-value pairs  that  describe  the
		 security attributes to apply to the object upon execution. Zero or more keys may
		 be specified. The list of valid key words depends on the  policy  enforced.  The
		 following key words are valid: euid, uid, egid, gid, privs, and limitprivs.

		 euid  and  uid  contain a single user name or a numeric user ID. Commands desig-
		 nated with euid run with the effective UID indicated, which is similar  to  set-
		 ting the setuid bit on an executable file. Commands designated with uid run with
		 both the real and effective UIDs. Setting uid may be more appropriate than  set-
		 ting the euid on privileged shell scripts.

		 egid  and gid contain a single group name or a numeric group ID. Commands desig-
		 nated with egid run with the effective GID indicated, which is similar  to  set-
		 ting  the  setgid  bit on a file. Commands designated with gid run with both the
		 real and effective GIDs. Setting gid may be more appropriate than  setting  guid
		 on privileged shell scripts.

		 privs	contains a privilege set which will be added to the inheritable set prior
		 to running the command.

		 limitprivs contains a privilege set which will be  assigned  to  the  limit  set
		 prior to running the command.

		 privs and limitprivs are only valid for the solaris policy.

       Example 1 Using Effective User ID

       The  following  example	shows the audit command specified in the Audit Control profile to
       execute with an effective user ID of root(0):

	 Audit Control:suser:cmd:::/usr/sbin/audit:euid=0




       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availibility		     |SUNWcsr			   |
       |Interface Stability	     |See below.		   |

       The command-line syntax is Committed. The output is Uncommitted.

       When deciding which authorization source to use (see DESCRIPTION), keep in mind that  NIS+
       provides stronger authentication than NIS.

       Because	the  list  of  legal keys is likely to expand, any code that parses this database
       must be written to ignore unknown key-value pairs without error. When any new keywords are
       created,  the  names  should be prefixed with a unique string, such as the company's stock
       symbol, to avoid potential naming conflicts.

       The following characters are used in describing the database format and	must  be  escaped
       with  a	backslash  if  used  as data: colon (:), semicolon (;), equals (=), and backslash

       auths(1), dtaction(1), profiles(1),  roles(1),  sh(1),  makedbm(1M),  getauthattr(3SECDB),
       getauusernam(3BSM),    getexecattr(3SECDB),    getprofattr(3SECDB),   getuserattr(3SECDB),
       kva_match(3SECDB), auth_attr(4), prof_attr(4), user_attr(4), attributes(5), privileges(5)

SunOS 5.11				   30 Mar 2006				     exec_attr(4)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 04:56 AM.