Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

files(4) [osf1 man page]

files(4)						     Kernel Interfaces Manual							  files(4)

NAME

       files - File control database  (Enhanced Security)

DESCRIPTION

       The  file  control  database  (/etc/auth/system/files)  is  designed  to  help  the Information System Security Officer (ISSO) maintain the
       integrity of the system. The database contains entries for system data files and executable files that  require	certain  attributes.  Some
       files  require  certain	attributes to provide protection against unauthorized access, while others require a specific set of attributes to
       accomplish their intended function.

       The database is used by the library routine create_file_securely() to determine the set of attributes for a newly created file.	Many  pro-
       grams  associated  with	the trusted computing base (TCB) use this library routine for file creation to ensure that file attributes are set
       correctly.

       A broad range of attributes can be specified in the file control database. Specific choices depend upon	the  exact  system  configuration.
       These choices are as follows: This field specifies the owner name for the entry. If an owner name is not specified and the entry is created
       using create_file_securely, the owner of the file will be the real user ID of the process creating the  file.   This  field  specifies  the
       group  name for the entry. If a group name is not specified and the entry is created using create_file_securely, the group of the file will
       be the real group ID of the process creating the file.  This field specifies the mode word for the entry. If the mode word is not specified
       and  create_file_securely is used to create the entry, a mode word of 0 (zero) is assigned to the new file.  This field identifies the type
       of the entry.  This field is not taken into account by create_file_securely when a file is being created. The  library  routine	will  only
       create  regular files.  Choices for the type field are as follows: Regular file Directory FIFO device (pipe) Character special device Block
       special device Socket

EXAMPLES

       The following example is a typical file control database entry for the program /sbin/newfs: /sbin/newfs:f_owner=root:f_group=bin:
	       :f_type=r:f_mode#04111:
	       :chkent: This entry specifies that the newfs program has bin as its owner and group, that it is a regular file, and that  its  mode
       is 0111

       The   following	 example   shows   an	entry	for   a   site-specific   directory   that   contains	help  files  for  an  application:
       /appl/help_files:f_owner=appadmin:f_group=appl:       :f_type=d:f_mode#0750:	    :chkent;  This  entry  specifies  the  owner  of   the
       /appl/help_files directory as appadmin, the group as appl, and the mode as 0750.

FILES

       Specifies the pathname of the file control database.

RELATED INFORMATION

       Functions: getprfient(3)

       Files: authcap(4) delim off

																	  files(4)

Check Out this Related Man Page

devassign(4)						     Kernel Interfaces Manual						      devassign(4)

NAME

       devassign - Device assignment database file (Enhanced Security)

DESCRIPTION

       The system supports a single device assignment database that contains entries for login terminals and X terminals.  Authentication programs
       use information in the device assignment database to determine if a login is permitted on the terminal.	Information from the terminal con-
       trol database, /etc/auth/system/ttys.db, can also affect terminal login permissions.

       A  device  assignment database entry consists of keyword field identifiers and values for those fields.	If a necessary value is not speci-
       fied in an entry, a default value for the field is supplied from the system default file, /etc/auth/system/default.  The edauth utility	is
       used to alter device assignment database entries.

       The  format  of the terminal control database file is identical to other system authentication database files and is described in the auth-
       cap(4) reference page.  The following keyword identifiers are supported: The identifier in this field specifies a comma-separated  list	of
       aliases	that  refer  to  the  same  device defined by the entry. Use of this field avoids the need to replicate device assignment database
       entries for all device aliases.	This field is ignored if it is set in a template or in the default database.   This  field  specifies  the
       device  that  is  described  by the entry.  Device types supported include: The device is assigned as a local login terminal device.  The X
       windows display entry for handling graphics heads or X terminals.

       This field is ignored if it is set in a template or in the default database.  This field, if specified, contains a comma-separated list	of
       user names that are permitted to use the device for login or the import and export of data.  If the list is not present, all users are per-
       mitted to use the device. If the list is present, it is searched for a match by the login program to determine if the user is permitted	to
       use the device.

       This field is ignored if it is set in a template or in the default database.

EXAMPLES

       The  following example shows a device assignment database entry for a terminal device with a list of allowed users: tty0:v_devs=/dev/tty0:
	    :v_type=terminal:v_users=may,tdy,ssv,rgb:	    :chkent:

       The    following     example	shows	  a	device	   assignment	  database     entry	 for	 an	X     terminal	   device:
       local:0|local:0.0:v_devs=local:0,local:0.0:v_type=xdisplay:chkent:

FILES

       Specifies the pathname of the file.

RELATED INFORMATION

       Commands: cpio(1), login(1), tar(1), edauth(8)

       Functions: getdvagent(3)

       Files: authcap(4), default(4), ttys(4) delim off

																      devassign(4)
Man Page