files(4) Kernel Interfaces Manual files(4)
NAME
files - File control database (Enhanced Security)
DESCRIPTION
The file control database (/etc/auth/system/files) is designed to help the Information System Security Officer (ISSO) maintain the
integrity of the system. The database contains entries for system data files and executable files that require certain attributes. Some
files require certain attributes to provide protection against unauthorized access, while others require a specific set of attributes to
accomplish their intended function.
The database is used by the library routine create_file_securely() to determine the set of attributes for a newly created file. Many
programs associated with the trusted computing base (TCB) use this library routine for file creation to ensure that file attributes are set
correctly.
A broad range of attributes can be specified in the file control database. Specific choices depend upon the exact system configuration.
These choices are as follows:
f_owner  This field specifies the owner name for the entry. If an owner name is not specified and the entry is created using
         create_file_securely, the owner of the file will be the real user ID of the process creating the file.
f_group  This field specifies the group name for the entry. If a group name is not specified and the entry is created using
         create_file_securely, the group of the file will be the real group ID of the process creating the file.
f_mode   This field specifies the mode word for the entry. If the mode word is not specified and create_file_securely is used to create
         the entry, a mode word of 0 (zero) is assigned to the new file.
f_type   This field identifies the type of the entry. This field is not taken into account by create_file_securely when a file is being
         created. The library routine will only create regular files. Choices for the type field are as follows:
         Regular file
         Directory
         FIFO device (pipe)
         Character special device
         Block special device
         Socket
EXAMPLES
The following example is a typical file control database entry for the program /sbin/newfs:

    /sbin/newfs:f_owner=root:f_group=bin:
        :f_type=r:f_mode#04111:
        :chkent:

This entry specifies that the newfs program has root as its owner and bin as its group, that it is a regular file, and that its mode is
04111 (0111 with the SUID bit set).

The following example shows an entry for a site-specific directory that contains help files for an application:

    /appl/help_files:f_owner=appadmin:f_group=appl:
        :f_type=d:f_mode#0750:
        :chkent:

This entry specifies the owner of the /appl/help_files directory as appadmin, the group as appl, and the mode as 0750.
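As an added example (not part of the files(4) page and not the system's own setfiles or libsecurity code), the following Python parses entries written in the format shown above and compares a file's observed attributes against an entry, the kind of integrity check the ISSO relies on. The sample database text and the observed attributes are constructed; the continuation rule (a line beginning with whitespace and a colon continues the previous entry), the authcap-style reading of `cap=string`, `cap#number` and bare boolean capabilities, and the octal interpretation of `f_mode#` values are assumptions drawn from the examples on this page.

```python
"""Parse file control database entries in the files(4) format and compare a
file's observed attributes against them.  Added example; the database text and
the observed attributes below are constructed, not taken from a real system."""
import stat

# Constructed sample database: the two entries from the files(4) EXAMPLES
# section, laid out the way they appear there (continuation lines start with
# whitespace followed by ':').
SAMPLE_DB = """\
/sbin/newfs:f_owner=root:f_group=bin:
    :f_type=r:f_mode#04111:
    :chkent:
/appl/help_files:f_owner=appadmin:f_group=appl:
    :f_type=d:f_mode#0750:
    :chkent:
"""

# f_type letters as documented for fd_type in getesfient(3).  's' is left out
# because files(4) lists it as a socket while getesfient(3) says symbolic link.
TYPE_TESTS = {
    "r": stat.S_ISREG,
    "d": stat.S_ISDIR,
    "f": stat.S_ISFIFO,
    "c": stat.S_ISCHR,
    "b": stat.S_ISBLK,
}


def parse_entry(text):
    """Split one logical entry 'name:cap=str:cap#num:flag:' into a dict.

    Assumed conventions (authcap style): 'cap=value' is a string capability,
    'cap#value' is numeric (f_mode is read as octal), a bare name such as
    'chkent' is a boolean flag, and empty fields produced by '::' are ignored."""
    fields = text.split(":")
    entry = {"name": fields[0]}
    for field in fields[1:]:
        field = field.strip()
        if not field:
            continue
        if "=" in field:
            key, value = field.split("=", 1)
            entry[key] = value
        elif "#" in field:
            key, value = field.split("#", 1)
            entry[key] = int(value, 8) if key == "f_mode" else int(value, 10)
        else:
            entry[field] = True
    return entry


def parse_database(text):
    """Join continuation lines into logical entries and parse each one."""
    entries, current = [], None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw[0] in " \t" and current is not None:
            current += raw.strip()          # continuation of the previous entry
        else:
            if current is not None:
                entries.append(parse_entry(current))
            current = raw.strip()
    if current is not None:
        entries.append(parse_entry(current))
    return entries


def check_attributes(entry, observed):
    """Return a list of mismatches between a database entry and the observed
    attributes of a file.  'observed' is a dict with 'owner' and 'group' names
    and a full 'st_mode' (type bits plus permission bits), i.e. what os.stat
    reports once the numeric ids have been resolved to names."""
    problems = []
    for key, label in (("f_owner", "owner"), ("f_group", "group")):
        if key in entry and observed[label] != entry[key]:
            problems.append(f"{label} {observed[label]} != {entry[key]}")
    if "f_type" in entry:
        test = TYPE_TESTS.get(entry["f_type"])
        if test is None:
            problems.append(f"unknown f_type {entry['f_type']}")
        elif not test(observed["st_mode"]):
            problems.append(f"type is not {entry['f_type']}")
    if "f_mode" in entry:
        actual = stat.S_IMODE(observed["st_mode"])   # keeps the SUID/SGID bits
        if actual != entry["f_mode"]:
            problems.append(f"mode {actual:05o} != {entry['f_mode']:05o}")
    return problems


if __name__ == "__main__":
    entries = parse_database(SAMPLE_DB)
    # Constructed observations: newfs as the entry requires, then drifted to 04755.
    expected = {"owner": "root", "group": "bin", "st_mode": stat.S_IFREG | 0o4111}
    drifted = {"owner": "root", "group": "bin", "st_mode": stat.S_IFREG | 0o4755}
    print(check_attributes(entries[0], expected))   # []
    print(check_attributes(entries[0], drifted))    # ['mode 04755 != 04111']
```

Because `S_IMODE` preserves the SUID and SGID bits, a program whose mode drifted from 04111 to 04755 is reported as a mismatch rather than being silently accepted on the permission bits alone; the same comparison flags an entry whose f_type no longer matches the object found on disk.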
FILES
/etc/auth/system/files   Specifies the pathname of the file control database.
RELATED INFORMATION
Functions: getprfient(3)
Files: authcap(4)
getesfient(3) Library Functions Manual getesfient(3)
NAME
getesfient, getesfinam, setprfient, endprfient, putesfinam, getprfient, getprfinam, putprfinam - Manipulate file control database entry
(Enhanced Security)
LIBRARY
Security Library (libsecurity.so)
NOTE: In order to quickstart a program, the program must be linked as follows:
-lsecurity -ldb -laud -lm
See the shared library discussion in the Programmer's Guide for more information about using the quickstarting feature.
SYNOPSIS
    #include <sys/types.h>
    #include <sys/security.h>
    #include <prot.h>

    struct es_file *getesfient(void);

    struct es_file *getesfinam(
            char *name);

    void setprfient(void);

    void endprfient(void);

    int putesfinam(
            char *name,
            struct es_file *pr);

NOTE: The getprfient(), getprfinam(), and putprfinam() routines have been replaced by getesfient(), getesfinam(), and putesfinam()
respectively.
PARAMETERS
name   Specifies a file control database entry name.
pr     Specifies a file control database entry structure.
DESCRIPTION
The getesfient() and getesfinam() functions each return a pointer to an object with the following structure containing the separated-out
fields of a line in the file control database. Each line in the database contains an es_file structure, declared in the prot.h header file
as follows:

    /* File Control Database Entry */
    struct esfi_field {
        char      *fd_name;    /* Holds full path name */
        uid_t      fd_uid;     /* uid of owner */
        gid_t      fd_gid;     /* gid of group */
        mode_t     fd_mode;    /* permissions */
        char      *fd_type;    /* file type (one of r,b,c,d,f,s,m) */
        mand_ir_t *fd_slevel;  /* sensitivity level for file */
        acle_t    *fd_acl;     /* access control list for file */
        int        fd_acllen;  /* number of entries in fd_acl */
        priv_t    *fd_pprivs;  /* potential privileges */
        priv_t    *fd_gprivs;  /* granted privileges */
    };

    struct esfi_flag {
        unsigned int
            fg_name:1,    /* Is fd_name set? */
            fg_uid:1,     /* Is fd_uid set? */
            fg_gid:1,     /* Is fd_gid set? */
            fg_mode:1,    /* Is fd_mode set? */
            fg_type:1,    /* Is fd_type set? */
            fg_slevel:1,  /* Is fd_slevel set? */
            fg_acl:1,     /* Is fd_acl set? */
            fg_pprivs:1,  /* Is fd_pprivs set? */
            fg_gprivs:1   /* Is fd_gprivs set? */
            ;
    };

    struct es_file {
        AUTH_ESCAP_COMMON
        size_t fieldlen;
        struct esfi_field *ufld;
        struct esfi_flag  *uflg;
    };
The getesfient() function when first called returns a pointer to the first es_file structure in the database; thereafter, it returns a
pointer to the next es_file structure in the database, so successive calls can be used to search the database. The getesfinam() function
searches from the beginning of the database until a file name matching name is found, and returns a pointer to the particular structure in
which it was found. If an end-of-file or an error is encountered on reading, these functions return a null pointer.
A call to the setprfient() function has the effect of rewinding the file control database to allow repeated searches. The endprfient()
function can be called to close the file control database when processing is complete.
The putesfinam() function puts a new or replaced file control entry pr with key name into the database. If the uflg->fg_name field is a 0
(zero), the requested entry is deleted from the file control database. The putesfinam() function locks the database for all update
operations, and performs an endprfient() after the update or failed attempt.
The file control database stores a list of entries for security relevant files. This database is used by the setfiles program to assign and
maintain the security attributes of system files.
The fd_name pointer refers to the file name, which can be an absolute pathname or a pathname whose last component is an * (asterisk), which
is treated as a wildcard entry. Entries that refer to a specific file in a directory supersede the wildcard entry only if the absolute
pathname precedes the wildcard entry in the database. The fd_uid and fd_gid fields are the numeric owner and group of the file. The fd_mode
field is the mode word, including owner, group, and other permissions, as well as the SUID and SGID bits. The fd_type field contains a
one-character file type indicator: r (regular), b (block-special), c (character-special), d (directory), f (FIFO), s (symbolic link). The
fd_acl field, if set, references the textual representation of the file's access control list. The fd_acllen field is not currently used.
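The ordering rule for fd_name deserves a worked example, because a specific entry placed after a wildcard that already covers it is never selected and gives no protection. The Python below is an added example, not libsecurity code: it models the scan that getesfinam() performs from the beginning of the database (first matching fd_name wins) and adds a review check that lists such shadowed entries. The entry names are constructed, and a `dir/*` wildcard is assumed to cover only the direct children of `dir`, which the page does not spell out.

```python
"""Lookup rule for file control database names as documented in getesfient(3):
the first entry in database order whose fd_name matches wins, so a specific
pathname supersedes a wildcard entry only when it precedes it.  Added example,
not the library's own code; entry names are constructed, and a 'dir/*' wildcard
is assumed to cover only the direct children of 'dir'."""
import posixpath


def name_matches(fd_name, pathname):
    """True if the database name fd_name applies to pathname."""
    if fd_name.endswith("/*"):                       # wildcard entry
        return posixpath.dirname(pathname) == fd_name[:-2]
    return fd_name == pathname


def lookup(fd_names, pathname):
    """Return the first fd_name in database order that matches, or None,
    mirroring a getesfinam() scan from the beginning of the database."""
    for fd_name in fd_names:
        if name_matches(fd_name, pathname):
            return fd_name
    return None


def shadowed_entries(fd_names):
    """Specific entries that can never be selected because an earlier wildcard
    already covers them.  An ISSO reviewing the database wants this list: such
    entries look protective but are silently ignored by the lookup."""
    shadowed = []
    for idx, fd_name in enumerate(fd_names):
        if fd_name.endswith("/*"):
            continue
        earlier_wildcards = [n for n in fd_names[:idx] if n.endswith("/*")]
        if any(name_matches(w, fd_name) for w in earlier_wildcards):
            shadowed.append(fd_name)
    return shadowed


# Constructed database orderings (fd_name values only; other fields omitted).
GOOD_ORDER = ["/sbin/newfs", "/sbin/*"]   # specific entry precedes the wildcard
BAD_ORDER = ["/sbin/*", "/sbin/newfs"]    # wildcard first: newfs entry is dead

if __name__ == "__main__":
    print(lookup(GOOD_ORDER, "/sbin/newfs"))   # /sbin/newfs
    print(lookup(BAD_ORDER, "/sbin/newfs"))    # /sbin/* (specific entry never reached)
    print(lookup(BAD_ORDER, "/sbin/sub/tool")) # None (wildcard covers direct children only)
    print(shadowed_entries(BAD_ORDER))         # ['/sbin/newfs']
```

Running `shadowed_entries` over the real database order before deploying a change is the cheap way to catch a specific entry whose tighter mode or owner will never be applied because a broader wildcard sits above it.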
NOTES
Programs using these functions must be compiled with -lsecurity.
Structures returned by the database routines contain pointers to character strings and lists rather than being self-contained. The copy
function must be used rather than doing a structure assignment to save a returned structure.
The value returned by getesfinam() and getesfient() refers to a structure that is overwritten by calls to these functions. To retrieve an
entry, modify it, and replace it in the database, you must copy the entry using copyesfient() and supply the modified buffer to
putesfinam().
RETURN VALUES
The getesfient() and getesfinam() functions return null pointers on EOF or an error. The putesfinam() function returns a value of 0 (zero)
if it cannot add or update the entry.
FILES
/etc/auth/system/files   Description file of directories, devices, control, and commands modified for security.
General security databases file.
RELATED INFORMATION
Files: authcap(4), files(4)
Security