Contains the security attributes for privileged files.
The /etc/security/privfiles file is an ASCII stanza file that contains privileged files and their security attributes. Each stanza in the /etc/security/privfiles file is identified by the full path name to the file, followed by a colon (:). Each stanza contains attributes in the Attribute=Value form. The path name must be the absolute path to the file and cannot contain symbolic link directories or be a symbolic link to the file. Each Attribute=Value pair is ended by a newline character, and each stanza is ended by an additional newline character. For an example of a stanza, see Examples.
Modifying and Listing Entries in the privfiles File
Attribute | Description |
---|---|
readauths | Specifies the authorizations required to read from the file as a comma-separated list of authorization names. A user with any of the authorizations can use the /usr/bin/pvi command to read from the privileged file. |
writeauths | Specifies the authorizations required to write to the file as a comma-separated list of authorization names. A user with any of the authorizations can use the /usr/bin/pvi command to write to the privileged file. |
Read and write access is granted to the root user, and read access is granted to members of the security group. Access for other users and groups depends on the security policy for the system.
The following example displays a typical stanza in the file:

```
/etc/myconf:
        readauths = aix.security.role.list
        writeauths = aix.security.role.change
```
This entry indicates that users with the aix.security.role.list authorization can use the pvi command to read the /etc/myconf file. Users with the aix.security.role.change authorization can use the pvi command to write to the /etc/myconf file.
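The stanza rules described above can be checked mechanically when auditing a copy of the file. The following Python sketch is an added example, not part of the original documentation or of AIX: the function names and the sample text are constructed for illustration, and treating a leading `*` as a comment marker is an assumption. It parses stanzas, flags entries that break the stated rules, and reports path components that are symbolic links.

```python
import os

KNOWN_ATTRS = {"readauths", "writeauths"}  # the two attributes in the table above

# Constructed sample: one valid stanza, then one with three deliberate mistakes.
SAMPLE = """\
/etc/myconf:
    readauths = aix.security.role.list
    writeauths = aix.security.role.change

etc/relative.conf:
    readauths =
    readauth = aix.security.role.list
"""

def parse_privfiles(text):
    """Return ({path: {attr: [auth, ...]}}, [(line_number, finding), ...])."""
    entries, findings, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("*"):          # assumption: '*' begins a comment line
            continue
        if not line:                      # a blank line ends the current stanza
            current = None
            continue
        if line.endswith(":") and "=" not in line:
            current = line[:-1]
            entries.setdefault(current, {})
            if not current.startswith("/"):
                findings.append((lineno, f"{current}: path is not absolute"))
            continue
        if current is None or "=" not in line:
            findings.append((lineno, "line is not a stanza header or Attribute=Value pair"))
            continue
        attr, value = (part.strip() for part in line.split("=", 1))
        auths = [a.strip() for a in value.split(",") if a.strip()]
        if attr not in KNOWN_ATTRS:
            findings.append((lineno, f"{current}: unknown attribute {attr}"))
        if not auths:
            findings.append((lineno, f"{current}: {attr} lists no authorizations"))
        entries[current][attr] = auths
    return entries, findings

def symlink_components(path):
    """Return every prefix of path that is a symbolic link (run this on the host)."""
    parts = path.strip("/").split("/")
    prefixes = ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]
    return [p for p in prefixes if os.path.islink(p)]
```

Running `parse_privfiles(SAMPLE)` reports the relative path, the empty `readauths` list, and the misspelled `readauth` attribute; `symlink_components` only gives meaningful results on the system where the listed files actually live.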