Query: privrun
OS: hpux
Section: 1m
privrun(1M)                                                      privrun(1M)

NAME
     privrun - invoke another application with privileges after performing
     appropriate authorization checks and optionally reauthenticating the
     user

SYNOPSIS
     authorization] compartment] [gid|groupname]] [gid|groupname]]
     privileges] [uid|username]] [uid|username]] command [args]

DESCRIPTION
     privrun allows a user to run legacy applications with elevated
     privileges according to the authorizations associated with that user.
     The user invokes privrun, specifying the legacy application as command
     line arguments. privrun consults the database to determine which
     authorization is required to run the command with additional
     privileges. (The authorization is specified as an operation and a
     target object.) If the user has the necessary authorization, privrun
     invokes the specified command after changing its UID and/or GID as
     specified in the database. privrun also allows a command to be run
     with a specified set of fine-grained privileges, and/or in a specified
     compartment.

     The method to determine whether the user has the necessary
     authorization is configurable by the system administrator. A module
     is provided to associate a fixed set of authorizations with the user
     based on the user's role. See rbac(5) for more information.

   Options
     privrun recognizes the following options:

          Match only those entries requiring the specified authorization.
          authorization is defined as pairs in the database. The specified
          authorization must exactly match the authorization present in
          the file (that is, wildcarding is not supported).

          Matches the specified compartment in the database. The specified
          compartment must exactly match the compartment present in the
          file.

          Match only those entries containing the effective group ID
          (EGID) corresponding to the specified EGID or the EGID
          associated with the group name.

          Match only those entries containing the real group ID (RGID)
          corresponding to the specified RGID or the RGID associated with
          the group name.

          Prints usage or help.

          Matches the specified privileges to the privileges in the
          database. When specifying multiple privileges, separate each
          privilege with a comma. Any privileges specified with this
          option must have a match in the database.

          Check to see if the user has the authorization to execute the
          command and inform the user of the results. The command will
          not be invoked.

          Match only those entries containing the effective user ID (EUID)
          corresponding to the specified EUID or the EUID associated with
          the user name.

          Match only those entries containing the real user ID (RUID)
          corresponding to the specified RUID or the RUID associated with
          the user name.

          Invoke in verbose mode. The verbose level will be increased if
          two options are specified. An increased verbose level will print
          more information.

          If the authorization check fails, the program will still be
          executed with the original caller's privileges only.

   Operands
     privrun recognizes the following operands:

     command [args]
          The HP-UX command to run. command must be fully qualified. If it
          is not, then privrun will use the current working directory and
          the environment variable to determine the desired command. args
          specifies any argument that the command recognizes.

   The cmd_priv Database
     The file contains information on which authorizations are required to
     execute each command binary, or edit each file. It also has the
     resulting privileges (real, effective UID and GID, fine-grained
     privileges, compartment) associated with the binary. If the user is
     required to reauthenticate prior to successful authorization, a PAM
     service name is specified in this file and indicates how privrun
     should identify itself to PAM. See pam.conf(4) for more detailed
     information.

     The file contains any number of entries, where each entry is
     specified on a single line in the following format:

          {command|file}

     These fields are defined as follows:

     Field     Description

     command|file
          For privrun, the fully qualified path of the command being
          wrapped to provide additional privileges. For privedit, the
          fully qualified path of a file to edit. This field may contain
          wildcards as defined in fnmatch(3C).

     arguments
          The exact set of arguments (matched as a string) the user must
          invoke. If this field is empty, the command may not be invoked
          with any arguments. If this field contains the keyword the
          specified command may be invoked with any arguments. This field
          is only used by privrun and ignored by privedit.

          The operation the user is required to have on the object
          specified. Together, the forms the authorization. operation must
          be fully qualified and cannot contain a wild card. An entry of
          in object requires that the user has the specified operation on
          all objects. (Note: This is satisfied by a specification of in
          the database if RBAC is in use.) This field may contain the
          keyword instead of which indicates that no access check is
          required and the command is invoked with privilege for any user.

          Real/Effective UID/GID. Part of the privileges granted to the
          wrapped command (process) if the user has the specified
          authorization. If any of these fields are specified, privrun
          calls or before invoking the command. These fields can also be
          specified by name, in which case a conversion will be performed
          at invocation time. This field is only used by privrun and
          ignored by privedit. The UID and GID specifications in this
          field are optional. No ID present indicates the field is to
          remain unchanged; however, the slash characters separating the
          IDs must remain.

     compartment
          Compartment to invoke application in. A compartment is an
          attribute associated with a process to compartmentalize
          different OS processes. If compartments are not enabled on the
          system, this field should be set to An error may occur if this
          field is left empty. Refer to compartments(5) for more
          information on compartments. This field is only used by privrun
          and ignored by privedit.

     privs
          Fine-grained privileges to be associated with at invocation.
          These privileges may be used in lieu of to perform specific
          kernel operations. If the field is set to basic privileges will
          be granted to the process. Refer to privileges(5) for more
          detailed information. This field is only used by privrun and
          ignored by privedit.

     pam-service
          Reauthentication service. If specified, the user will be
          reauthenticated. The command will identify itself to PAM as the
          service indicated in this field. This allows the security
          officer to require an additional set of restrictions for
          particular commands. See pam.conf(4) for a list of PAM services.
          The keyword must be used to indicate that no reauthorization is
          required.

     flags
          This field is used by both privrun and privedit. In privrun
          there is only one defined flag. If the flag is set to then none
          of the environment variables will be scrubbed. For the flag
          usage in privedit, please see privedit(1M) for more details. is
          expected to appear in this field for the command.

     White space between each field and immediately surrounding the colon
     field separator is optional and ignored by the command.

     There can be multiple entries in the file with the same command line,
     but requiring different authorizations and resulting in different
     privileges. privrun evaluates each entry in the order specified in
     the file, continuing on to the next only if the user does not have
     the required authorization. If you want to match a particular entry
     in the file, use command options to specify the set of privileges for
     the desired entry.

EXTERNAL INFLUENCES
   Environment Variables
     determines the language in which messages are displayed.

   International Code Set Support
     Single-byte character code set is supported.

RETURN VALUE
     Success
          If privrun permitted the user to execute the program, then the
          return value from privrun will be the return value of the
          program executed.

     Failure
          privrun returns a value of and an appropriate error message will
          be printed to stderr.

EXAMPLES
   Example 1
     In the following example, the caller invokes privrun to execute the
     command, with as the argument to the command. privrun examines the
     database for an entry corresponding to the command If this entry is
     found, then the necessary authorization is retrieved from that entry.
     privrun invokes the command if the user has the necessary
     authorization.

     In the following example, the caller wants to change the UID of the
     calling process to 28, change the GID of the calling process to
     other, and execute the command If an entry exists for the command
     with the associated EUID set to 28, and the EGID set to the EGID
     corresponding to the group name the usual authorization and
     invocation process occurs. If this entry does not exist (even if an
     entry for appears with different associated privileges (EUID/EGID)),
     the command fails and prints an error message.

   Example 2
     In the following example, the caller wants to execute the command
     within compartment If an entry exists for the command with the
     compartment specified as then the command will be executed in the
     compartment. If this entry does not exist (even if an entry for
     appears with different compartment specification), the command fails
     and prints an error message.

FILES
          Database containing valid definitions of all roles.

          Database containing definitions of all valid authorizations.

          Database specifying the roles for each specified user.

          Database defining the authorizations for each role.

          Database defining the authorization information needed to
          execute commands and edit files under access control.

SEE ALSO
     authadm(1M), cmdprivadm(1M), cmpt_tune(1M), rbacdbchk(1M),
     roleadm(1M), compartments(5), privileges(5), rbac(5).
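
The entry-selection rules from the cmd_priv Database section and Example 1 (file-order evaluation, fnmatch wildcards on the command field, exact string match on arguments, option filters that must match an entry exactly), modelled in Python as an added example; this is not HP-UX code. The Entry fields, the ANY_ARGS sentinel and every path, operation and ID below are constructed for illustration, and the authorization check is simplified to set membership.

```python
"""Illustrative model of cmd_priv entry selection; not the HP-UX implementation."""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

ANY_ARGS = object()  # stand-in for the "any arguments" keyword (not shown in the page text)


@dataclass(frozen=True)
class Entry:
    command: str                 # fully qualified path; may hold fnmatch wildcards
    args: object                 # exact argument string, "" for none, or ANY_ARGS
    auth: tuple                  # (operation, object) the caller must hold
    euid: Optional[int] = None   # None: leave the ID unchanged
    egid: Optional[int] = None
    compartment: Optional[str] = None


def select_entry(entries, user_auths, command, args="", **filters):
    """Return (entry, reason); entry is None when nothing may be invoked.

    filters model the matching options (auth=, euid=, egid=, compartment=):
    every value given must equal the entry's value exactly.
    """
    candidates = 0
    for e in entries:                          # file order is evaluation order
        # Assumption: Python's fnmatch lets "*" cross "/" path separators.
        if not fnmatchcase(command, e.command):
            continue
        if e.args is not ANY_ARGS and e.args != args:
            continue
        if any(getattr(e, k) != v for k, v in filters.items()):
            continue
        candidates += 1
        if e.auth in user_auths:               # first authorized entry wins
            return e, "authorized"
    return None, "not authorized" if candidates else "no matching entry"


# Constructed sample entries; note the broad wildcard entry placed first.
ENTRIES = [
    Entry("/usr/sbin/*", ANY_ARGS, ("site.admin.all", "*"), euid=0),
    Entry("/usr/sbin/netcfg", "-show", ("site.net.read", "*"), euid=28, egid=1),
    Entry("/usr/sbin/netcfg", "-show", ("site.net.admin", "*"), euid=0),
]
```

When auditing a real file, the case to look for is the first one in ENTRIES: a broad wildcard entry listed early is selected for every caller who holds its authorization, unless the caller narrows the match with option filters.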