lskst Command

Purpose

Lists the entries in the kernel security tables.

Syntax

lskst -t table [-C | -f ] [Name [, Name]...]

Description

The lskst command reads the kernel security tables (KST) and displays the information on standard output (stdout). The output of the lskst command might differ from what is displayed by the lsauth, lsrole and lssecattr commands if the associated file databases are modified after the databases are sent to the KST through the setkst command.

Specify the table to be displayed with the -t flag. By default, all the information in the specified table is displayed. Alternatively, a specific entry in the table can be selected by specifying the Name parameter.

By default, the lskst command lists the attributes of each entry on one line. It displays attribute information as Attribute = Value definitions, each separated by a blank space. To list the table attributes in stanza format, use the -f flag. To list the information as colon-separated records, use the -C flag.

Flags

Item	Description
-C	Displays the table attributes in colon-separated records as follows: `#name:attribute1:attribute2:... entry_name:value1:value2:...`
-f	Displays the output in stanzas, with each stanza identified by the entry name. Each Attribute = Value pair is listed on a separate line: `entry_name: attribute1=value attribute2=value attribute3=value`
-t table	Retrieves data from the specified security table from the KST. The parameter for the -t flag can be one of the following values: auth Authorizations table role Role table cmd Privileged command table dev Privileged device table dom Domains domobj Domain objects

Parameters

Item	Description
Name	Represents a specific entry of a kernel table. It can be an authorization, a role, a privileged command or a privileged device, depending on the table specified by the -t table flag.

Security

The lskst command is a privileged command. You must assume a role that has the following authorization to run the command successfully.

Item	Description
aix.security.kst.list	Required to run the command.

Examples

To retrieve all the entries in the role table from the KST, use the following command:
```
lskst -t role
```
To display the entry for the /usr/bin/mycmd command from the privileged command table in stanza format, use the following command:
```
lskst -t cmd -f /usr/bin/mycmd
```
To display the aix.security authorization table in the kernel, use the following command:
```
lskst -t auth aix.security
```
To retrieve all the entries in the domain object table from the KST, use the following command:
```
lskst -t domobj
```