Contains security attributes for privileged commands.
The /etc/security/privcmds file is an ASCII stanza file that contains privileged commands and their security attributes. Each stanza in the /etc/security/privcmds file is identified by the full path name to the command, followed by a colon (:). Each stanza contains attributes in the Attribute=Value form. The path name must be the absolute path to the command and cannot contain symbolic link directories or be a symbolic link to the command. Each Attribute=Value pair is ended by a newline character, and each stanza is ended by an additional newline character. For an example of a stanza, see Examples.
Changes made to the privcmds file do not take effect until the entire privileged command database is loaded into the Kernel Security Tables with the setkst command, or until the system is rebooted.
Modifying and Listing Entries in the privcmds File
A stanza in this file contains one or more of the following security attributes:
Item | Description
---|---
accessauths | Specifies the access authorizations as a comma-separated list of authorization names. A user whose current session has one of the authorizations in the list is allowed to run the command. You can specify a maximum of 16 authorizations. This attribute also allows the three special values ALLOW_OWNER, ALLOW_GROUP and ALLOW_ALL.
authprivs | Specifies the authorized privileges that are assigned to the process on a per-authorization basis. The user running the command must first gain access to the command through the accessauths attribute; only then does the authprivs attribute apply. For each authorization in the list that the user holds, the associated set of privileges is granted. The maximum number of authorization and privileges pairs is 16. The authorization and its corresponding privileges are separated by an equal sign (=), individual privileges are separated by a plus sign (+), and the authorization and privileges pairs are separated by a comma, as in: auth=priv+priv...,auth=priv+priv...,... This attribute also supports the three special authorization values ALLOW_OWNER, ALLOW_GROUP and ALLOW_ALL, which specify the additional privileges granted to the command owner, the command group, or everyone, respectively.
authroles | Specifies a role or a comma-separated list of roles. A user who holds one of these roles must be authenticated into it to run the command. A maximum of 16 roles can be specified.
innateprivs | Specifies a comma-separated list of privileges assigned to the process during the running of the command. The specified privileges are assigned to the process only if the command invocation is authorized through the access authorizations.
msgset | Specifies the file name of the message catalog that contains the one-line description of the authorization. The value is a character string.
inheritprivs | Specifies a comma-separated list of privileges that is passed to child processes.
euid | Specifies the effective user ID to assume during the running of the command.
egid | Specifies the effective group ID to assume during the running of the command.
ruid | Specifies the real user ID to assume during the running of the command.
secflags | Specifies a comma-separated list of file security flags. The following value is valid: FSF_EPS, which loads the maximum privilege set into the process's effective privilege set when the command starts, so the program does not have to raise privileges itself.
The root user and the security group own this file. Read and write access is granted to the root user. Access for other users and groups depends on the security policy for the system.
Examples

```
/usr/bin/myprog:
        accessauths = aix.security.user.create,aix.security.user.change
        authprivs = aix.ras.audit=PV_AU_ADMIN
        innateprivs = PV_DAC_R,PV_DAC_W
        secflags = FSF_EPS
```
This entry indicates that the user running this command must be in a role session that has one of the authorizations listed in the accessauths attribute to run the command. If this condition is true, the privileges listed in the innateprivs attribute are granted to the resulting process. Also, if the user running this command has one of the authorizations listed in the authprivs attribute, the process is granted the additional privileges associated with that authorization.
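The following is an added example, not part of the AIX documentation: a small Python parser for the stanza format described above (path header ending in a colon, Attribute=Value lines, blank line closing the stanza, auth=priv+priv pairs in authprivs) together with an audit pass that flags entries a reviewer would want to check, such as a command whose accessauths is ALLOW_ALL while it also carries innateprivs. The sample text is constructed from the page's stanza plus a second, deliberately permissive one.

```python
MAX_AUTHS = 16  # limit the page states for accessauths, authprivs pairs and authroles

# Constructed sample: the page's stanza plus a second, deliberately permissive one.
SAMPLE = """\
/usr/bin/myprog:
\taccessauths = aix.security.user.create,aix.security.user.change
\tauthprivs = aix.ras.audit=PV_AU_ADMIN
\tinnateprivs = PV_DAC_R,PV_DAC_W
\tsecflags = FSF_EPS

/usr/local/bin/backup:
\taccessauths = ALLOW_ALL
\tinnateprivs = PV_DAC_R
"""

def parse_privcmds(text):
    """Return {path: {attr: value}}; a blank line closes the current stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None            # stanza ended by the extra newline
        elif line.endswith(":") and "=" not in line:
            current = line[:-1]       # stanza header is the command path
            stanzas[current] = {}
        elif current is None or "=" not in line:
            raise ValueError("attribute outside a stanza: %r" % raw)
        else:
            key, _, value = line.partition("=")
            stanzas[current][key.strip()] = value.strip()
    return stanzas

def parse_authprivs(value):
    """Split 'auth=priv+priv,auth=priv' into {auth: [priv, ...]}."""
    pairs = {}
    for item in filter(None, value.split(",")):
        auth, _, privs = item.partition("=")
        pairs[auth.strip()] = [p for p in privs.split("+") if p]
    return pairs

def audit(stanzas):
    """Return (path, finding) tuples for entries that need a second look."""
    findings = []
    for path, attrs in stanzas.items():
        auths = [a for a in attrs.get("accessauths", "").split(",") if a]
        if not path.startswith("/"):
            findings.append((path, "command path is not absolute"))
        if max(len(auths), len(parse_authprivs(attrs.get("authprivs", "")))) > MAX_AUTHS:
            findings.append((path, "more than 16 authorizations"))
        if "ALLOW_ALL" in auths and attrs.get("innateprivs"):
            findings.append((path, "any user gets innateprivs " + attrs["innateprivs"]))
    return findings
```

Run `audit(parse_privcmds(open("/etc/security/privcmds").read()))` on a real file to list stanzas worth reviewing before the next setkst.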