Contains the list of valid, user-defined authorizations.
The /etc/security/authorizations file stores the list of valid, user-defined authorizations available on a system. An authorization administrator can modify user-defined authorizations. System-defined authorizations do not appear in this file. You can add new authorizations to this file using the mkauth command and modify authorizations using the chauth command.
The /etc/security/authorizations file is an ASCII file that uses a stanza for each user-defined authorization. Each stanza is identified by the authorization name followed by a colon (:). You can list authorization attributes individually as Attribute=Value pairs on subsequent lines. Each attribute pair ends with a newline character, as does each stanza. For an example of a stanza, see Examples.
When the system is operating in Enhanced RBAC Mode, changes that you make to the authorizations file do not take effect for security decisions until you send the entire authorization database to the Kernel Security Tables using the setkst command, or until the system is rebooted.
Modifying and listing entries in the authorizations file
A stanza in this file contains one or more of the following attributes:
Attribute | Description |
---|---|
id | Specifies the unique numeric ID of the authorization. This is a required attribute and is used internally for security decisions. Do not modify this ID after creating the authorization. The value is a unique decimal integer greater than 10000. Values below 10000 are reserved for system-defined authorizations. |
dfltmsg | Specifies the default authorization-description text if message catalogs are not in use. The value is a character string. |
msgcat | Specifies the file name of the message catalog that contains the one-line description of the authorization. The value is a character string. |
msgset | Specifies the message set that contains the authorization description in the message catalog. The value is a decimal integer. |
msgnum | Specifies the message ID that contains the authorization description in the message catalog. The value is a decimal integer. |
The root user and the security group own this file. This file grants read and write access to the root user. Access for other users and groups depends on the security policy for the system.
Examples

    custom:
        id = 11000
        dfltmsg = "Custom Authorization"
        msgcat = "custom_auths.cat"
        msgset = 1
        msgnum = 5
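
The following checker is an added example, not part of the original documentation or of AIX. It parses the stanza format described above and reports stanzas that break the attribute rules in the table: a missing or non-decimal id, an id that is not greater than 10000, an id already used by another stanza, and a non-decimal msgset or msgnum. It assumes the attribute table is exhaustive; the function names and the custom.dup and custom.low stanzas are hypothetical.

```python
import re

KNOWN = {"id", "dfltmsg", "msgcat", "msgset", "msgnum"}
DECIMAL = re.compile(r"[0-9]+")
# Constructed sample: the page's stanza plus two hypothetical defective ones.
SAMPLE = """\
custom:
    id = 11000
    dfltmsg = "Custom Authorization"
    msgcat = "custom_auths.cat"
    msgset = 1
    msgnum = 5

custom.dup:
    id = 11000
    msgset = one

custom.low:
    id = 9000
    flags = x
"""

def parse(text):
    """Return {authorization name: {attribute: value}} from stanza text."""
    stanzas, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith(":") and "=" not in line:      # stanza header
            current = stanzas.setdefault(line[:-1], {})
        elif "=" in line and current is not None:       # Attribute=Value pair
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value.strip('"')
    return stanzas

def audit(stanzas):
    """Return findings for stanzas that break the documented attribute rules."""
    findings, seen = [], {}
    for name, attrs in stanzas.items():
        findings += [f"{name}: unknown attribute {k}" for k in sorted(set(attrs) - KNOWN)]
        findings += [f"{name}: {k} is not a decimal integer" for k in ("msgset", "msgnum")
                     if k in attrs and not DECIMAL.fullmatch(attrs[k])]
        ident = attrs.get("id", "")
        if not DECIMAL.fullmatch(ident):
            findings.append(f"{name}: id is missing or not a decimal integer")
            continue
        if int(ident) <= 10000:   # 10000 and below are treated as reserved here
            findings.append(f"{name}: id {ident} is not greater than 10000")
        if int(ident) in seen:    # id must be unique across stanzas
            findings.append(f"{name}: id {ident} already used by {seen[int(ident)]}")
        seen.setdefault(int(ident), name)
    return findings
```

Calling audit(parse(open("/etc/security/authorizations").read())) applies the same checks to the live file, which is useful before loading the database into the Kernel Security Tables.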