authopen(1) [osx man page]

AUTHOPEN(1)						    BSD General Commands Manual 					       AUTHOPEN(1)

NAME
     authopen -- open file with authorization

SYNOPSIS
     authopen [-stdoutpipe] [-extauth] filename
     authopen [-stdoutpipe] [-extauth] -w [-a] filename
     authopen [-stdoutpipe] [-extauth] -c [-x -m mode -w] filename
     authopen [-stdoutpipe] [-extauth] -o flags filename
     authopen -h

DESCRIPTION
     authopen provides authorization-based file opening services. In its simplest form, authopen verifies that it is allowed to open filename (using an appropriate sys.openfile.* authorization right) and then writes the file to stdout. If -w is specified, authopen will read from stdin and write to the file.

     authopen is designed to be used both from the command line and programmatically. The -stdoutpipe flag allows a parent process to receive an open file descriptor pointing to the file in question.

     Before opening filename, authopen will make an authorization request for a right of the form:

           sys.openfile.[readonly|readwrite|readwritecreate]./fully/qualified/path

     '.readonly' rights only allow for read-only file descriptors. '.readwrite' rights allow for read/write file descriptors. '.readwritecreate' rights allow for read/write descriptors and the creation of new files.

     The -extauth option can be used to provide an AuthorizationRef constructed by the client. This generally prevents authopen from presenting an authorization dialog containing its own name.

OPTIONS
     -stdoutpipe
             specifies that STDOUT_FILENO has been dup2()'d onto a pipe to a parent process and that an open file descriptor to filename (with the appropriate access mode) should be sent back across it using the SCM_RIGHTS extension to sendmsg(2) rather than having the file itself written to or read from stdin / stdout.

     -extauth
             specifies that authopen should read one AuthorizationExternalForm structure from stdin, convert it to an AuthorizationRef, and attempt to use it to authorize the open(2) operation. The authorization should refer to the sys.openfile right corresponding to the requested operation. The authorization data will be read before any additional data supplied on stdin, and will not be included in data written with -w.

     -w      instructs authopen to open filename read/write and truncate it. If -stdoutpipe has not been specified, authopen will then copy stdin to filename until stdin is closed.

     -a      append to filename rather than truncating it (truncating is the default).

     -c      create the file if it doesn't exist. -m requires -c.

     -m mode
             specify the mode bits if a file is created.

     -o flags
             numerically specify the flags that should be passed to open(2).

     -x      require that the file being created not exist.

EXAMPLES
     To replace /etc/hostconfig (assuming sys.openfile.readwrite./etc/hostconfig or better can be obtained):

           $ cat tmpdata | authopen -w /etc/hostconfig

ERRORS
     authopen will fail if an appropriate sys.openfile.readonly.*, sys.openfile.readwrite.*, or sys.openfile.readwritecreate.* right cannot be obtained or if the named path does not exist.

BUGS
     authopen should support prefix path authentication such that the right sys.openfile.*./dev/ could give access to all /dev entries and sys.openfile.*./dev/disk1 could give access to all disk1-related /dev entries.

     authopen should use getopt(3).

LOCATION
     /usr/libexec/authopen

SEE ALSO
     open(2), Security/Authorization.h, realpath(3), recvmsg(2).

     W. Richard Stevens, "Passing File Descriptors", Advanced Programming in the UNIX Environment.

HISTORY
     authopen appeared in Mac OS X 10.1 to assist with the manipulation of disk devices.

Darwin                            28 Feb 2013                            Darwin
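
The -stdoutpipe exchange described under DESCRIPTION and OPTIONS above, seen from the parent process, as an added example that is not part of the original man page or of Apple's code. It assumes the "pipe" is one end of a socketpair(2), since SCM_RIGHTS is only delivered over UNIX-domain sockets; recv_fd and open_via_authopen are hypothetical names, and the helper path is passed in as a parameter.

```c
/* Added example: parent side of `authopen -stdoutpipe filename`. */
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Receive one descriptor sent with SCM_RIGHTS; returns it, or -1. */
int recv_fd(int sock) {
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } ctl;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
        .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    if (recvmsg(sock, &msg, 0) < 0) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    /* Accept only an untruncated SCM_RIGHTS message carrying exactly one fd. */
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int)) || (msg.msg_flags & MSG_CTRUNC))
        return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    fcntl(fd, F_SETFD, FD_CLOEXEC);  /* do not leak it to later children */
    return fd;
}

/* Run `helper -stdoutpipe path` with its stdout dup2()'d onto one end of
 * a socketpair and return the descriptor it passes back, or -1. */
int open_via_authopen(const char *helper, const char *path) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) {                      /* child: becomes the helper */
        close(sv[0]);
        if (dup2(sv[1], STDOUT_FILENO) < 0) _exit(127);
        execl(helper, helper, "-stdoutpipe", path, (char *)NULL);
        _exit(127);
    }
    close(sv[1]);   /* parent keeps no copy, so a failed helper yields EOF */
    int fd = recv_fd(sv[0]);
    close(sv[0]);
    waitpid(pid, NULL, 0);               /* reap the helper */
    return fd;
}
```

On macOS, pass /usr/libexec/authopen (the LOCATION given above) as helper; the call blocks until the helper either sends a descriptor or exits.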

MOUNT_FDESC(8)						    BSD System Manager's Manual 					    MOUNT_FDESC(8)

NAME
     mount_fdesc -- mount the file-descriptor file system

SYNOPSIS
     mount_fdesc [-o options] fdesc mount_point

DESCRIPTION
     The mount_fdesc command attaches an instance of the per-process file descriptor namespace to the global filesystem namespace. The conventional mount point is /dev and the filesystem should be union mounted in order to augment, rather than replace, the existing entries in /dev. This command is normally executed by mount(8) at boot time.

     The options are as follows:

     -o      Options are specified with a -o flag followed by a comma separated string of options. See the mount(8) man page for possible options and their meanings.

     The contents of the mount point are fd, stderr, stdin, stdout and tty.

     fd is a directory whose contents appear as a list of numbered files which correspond to the open files of the process reading the directory. The files /dev/fd/0 through /dev/fd/# refer to file descriptors which can be accessed through the file system. If the file descriptor is open and the mode the file is being opened with is a subset of the mode of the existing descriptor, the call:

           fd = open("/dev/fd/0", mode);

     and the call:

           fd = fcntl(0, F_DUPFD, 0);

     are equivalent.

     The files /dev/stdin, /dev/stdout and /dev/stderr appear as symlinks to the relevant entry in the /dev/fd sub-directory. Opening them is equivalent to the following calls:

           fd = fcntl(STDIN_FILENO, F_DUPFD, 0);
           fd = fcntl(STDOUT_FILENO, F_DUPFD, 0);
           fd = fcntl(STDERR_FILENO, F_DUPFD, 0);

     Flags to the open(2) call other than O_RDONLY, O_WRONLY and O_RDWR are ignored.

     The /dev/tty entry is an indirect reference to the current process's controlling terminal. It appears as a named pipe (FIFO) but behaves in exactly the same way as the real controlling terminal device.

FILES
     /dev/fd/#
     /dev/stdin
     /dev/stdout
     /dev/stderr
     /dev/tty

SEE ALSO
     mount(2), unmount(2), tty(4), fstab(5), mount(8)

CAVEATS
     No . and .. entries appear when listing the contents of the /dev/fd directory. This makes sense in the context of this filesystem, but is inconsistent with usual filesystem conventions. However, it is still possible to refer to both . and .. in a pathname.

     This filesystem may not be NFS-exported.

HISTORY
     The mount_fdesc utility first appeared in 4.4BSD.

4.4BSD                          March 27, 1994                          4.4BSD