Purpose
Accesses
the system information in the user database.
Library
Security Library (libc.a)
Syntax
#include <usersec.h>
#include <userconf.h>
int getconfattr (sys, Attribute, Value, Type)
char * sys;
char * Attribute;
void *Value;
int Type;
int putconfattr (sys, Attribute, Value, Type)
char * sys;
char * Attribute;
void *Value;
int Type;
Description
The getconfattr subroutine
reads a specified attribute from the system information database.
The putconfattr subroutine writes a specified attribute to
the system information database.
Parameters
- sys
- System attribute. The following possible attributes are defined
in the userconf.h file.
- SC_SYS_LOGIN
- SC_SYS_USER
- SC_SYS_ADMUSER
- SC_SYS_AUDIT SEC_LIST
- SC_SYS_AUSERS SEC_LIST
- SC_SYS_ASYS SEC_LIST
- SC_SYS_ABIN SEC_LIST
- SC_SYS_ASTREAM SEC_LIST
Users can define the system attribute parameter. In this
case, the parameter value is used as a stanza name. The stanza name
contains the specified attribute and value in the Attribute and Value parameters.
The putconfattr subroutine creates this
stanza in the file associated with the attribute. The getconfattr subroutine
retrieves the value for the specified attribute and user defined stanza.
- Attribute
- Specifies which attribute is read. The following possible attributes
are defined in the usersec.h file:
- S_CORECOMP
- Core compression status. The attribute type is SEC_CHAR.
- S_COREPATH
- Core path specification status. The attribute type is SEC_CHAR.
- S_COREPNAME
- Core path specification location. The attribute type is SEC_CHAR.
- S_CORENAMING
- Core naming status. The attribute type is SEC_CHAR.
- S_PGRP
- Principle group name. The attribute type is SEC_CHAR.
- S_GROUPS
- Groups to which the user belongs. The attribute type is SEC_LIST.
- S_ADMGROUPS
- Groups for which the user is an administrator. The attribute type
is SEC_LIST.
- S_ADMIN
- Administrative status of a user. The attribute type is SEC_BOOL.
- S_AUDITCLASSES
- Audit classes to which the user belongs. The attribute type is SEC_LIST.
- S_AUTHSYSTEM
- Defines the user's authentication method. The attribute type
is SEC_CHAR.
- S_HOME
- Home directory. The attribute type is SEC_CHAR.
- S_SHELL
- Initial program run by a user. The attribute type is SEC_CHAR.
- S_GECOS
- Personal information for a user. The attribute type is SEC_CHAR.
- S_USRENV
- User-state environment variables. The attribute type is SEC_LIST.
- S_SYSENV
- Protected-state environment variables. The attribute type is SEC_LIST.
- S_LOGINCHK
- Specifies whether the user account can be used for local logins.
The attribute type is SEC_BOOL.
- S_HISTEXPIRE
- Defines the period of time (in weeks) that a user cannot reuse
a password. The attribute type is SEC_INT.
- S_HISTSIZE
- Specifies the number of previous passwords that the user cannot
reuse. The attribute type is SEC_INT.
- S_MAXREPEAT
- Defines the maximum number of times a user can repeat a character
in a new password. The attribute type is SEC_INT.
- S_MINAGE
- Defines the minimum age in weeks that the user's password must
exist before the user can change it. The attribute type is SEC_INT.
- S_PWDCHECKS
- Defines the password restriction methods for this account. The
attribute type is SEC_LIST.
- S_MINALPHA
- Defines the minimum number of alphabetic characters required
in a new user's password. The attribute type is SEC_INT.
- S_MINDIFF
- Defines the minimum number of characters required in a new password
that were not in the old password. The attribute type is SEC_INT.
- S_MINLEN
- Defines the minimum length of a user's password. The attribute
type is SEC_INT.
- S_MINOTHER
- Defines the minimum number of non-alphabetic characters required
in a new user's password. The attribute type is SEC_INT.
- S_DICTIONLIST
- Defines the password dictionaries for this account. The attribute
type is SEC_LIST.
- S_SUCHK
- Specifies whether the user account can be accessed with the su command.
Type SEC_BOOL.
- S_REGISTRY
- Defines the user's authentication registry. The attribute type
is SEC_CHAR.
- S_RLOGINCHK
- Specifies whether the user account can be used for remote logins
using the telnet or rlogin commands. The attribute type
is SEC_BOOL.
- S_DAEMONCHK
- Specifies whether the user account can be used for daemon execution
of programs and subsystems using the cron daemon or src.
The attribute type is SEC_BOOL.
- S_TPATH
- Defines how the account may be used on the trusted path. The
attribute type is SEC_CHAR. This attribute must be one of the
following values:
- nosak
- The secure attention key is not enabled for this account.
- notsh
- The trusted shell cannot be accessed from this account.
- always
- This account may only run trusted programs.
- on
- Normal trusted-path processing applies.
- S_MINLOWERALPHA
- Defines the minimum number of lowercase alphabetic characters
required in a new user password. The attribute type is SEC_INT.
- S_MINUPPERALPHA
- Defines the minimum number of uppercase alphabetic characters
required in a new user password. The attribute type is SEC_INT.
- S_MINDIGIT
- Defines the minimum number of digits required in a new user password.
The attribute type is SEC_INT.
- S_MINSPECIALCHAR
- Defines the minimum number of special characters required in a
new user password. The attribute type is SEC_INT.
-
- S_TTYS
- List of ttys that can or cannot be used to access this account.
The attribute type is SEC_LIST.
- S_SUGROUPS
- Groups that can or cannot access this account. The attribute
type is SEC_LIST.
- S_EXPIRATION
- Expiration date for this account, in seconds since the epoch.
The attribute type is SEC_CHAR.
- S_AUTH1
- Primary authentication methods for this account. The attribute
type is SEC_LIST.
- S_AUTH2
- Secondary authentication methods for this account. The attribute
type is SEC_LIST.
- S_UFSIZE
- Process file size soft limit. The attribute type is SEC_INT.
- S_UCPU
- Process CPU time soft limit. The attribute type is SEC_INT.
- S_UDATA
- Process data segment size soft limit. The attribute type is SEC_INT.
- S_USTACK
- Process stack segment size soft limit. Type: SEC_INT.
- S_URSS
- Process real memory size soft limit. Type: SEC_INT.
- S_UCORE
- Process core file size soft limit. The attribute type is SEC_INT.
- S_PWD
- Specifies the value of the passwd field in the /etc/passwd file.
The attribute type is SEC_CHAR.
- S_UMASK
- File creation mask for a user. The attribute type is SEC_INT.
- S_LOCKED
- Specifies whether the user's account can be logged into. The
attribute type is SEC_BOOL.
- S_UFSIZE_HARD
- Process file size hard limit. The attribute type is SEC_INT.
- S_UCPU_HARD
- Process CPU time hard limit. The attribute type is SEC_INT.
- S_UDATA_HARD
- Process data segment size hard limit. The attribute type is SEC_INT.
- S_USTACK_HARD
- Process stack segment size hard limit. Type: SEC_INT.
- S_URSS_HARD
- Process real memory size hard limit. Type: SEC_INT.
- S_UCORE_HARD
- Process core file size hard limit. The attribute type is SEC_INT.
Note: These values are string constants that should
be used by applications both for convenience and to permit optimization
in latter implementations.
-
- Type
- Specifies the type of attribute expected. Valid types are defined
in the usersec.h file and include:
- SEC_INT
- The format of the attribute is an integer.
For the getconfattr subroutine,
the user should supply a pointer to a defined integer variable. For
the putconfattr subroutine, the user should supply an integer.
- SEC_CHAR
- The format of the attribute is a null-terminated character string.
- SEC_LIST
- The format of the attribute is a series of concatenated strings,
each null-terminated. The last string in the series is terminated
by two successive null characters.
- SEC_BOOL
- The format of the attribute from the getconfattr subroutine
is an integer with the value of either 0 (false) or 1 (true). The
format of the attribute for the putconfattr subroutine is a
null-terminated string containing one of the following strings: true,
false, yes, no, always, or never.
- SEC_COMMIT
- For the putconfattr subroutine, this value specified by
itself indicates that the changes to the named sys value
or stanza are to be committed to permanent storage. The Attribute and Value parameters
are ignored. If no stanza name is specified, all outstanding changes
to the system information databases are committed to permanent storage.
- SEC_DELETE
- The corresponding attribute is deleted from the database.
-
Security
| Item |
Description |
|---|
| Files Accessed: |
|
| Mode |
File |
|---|
| rw |
/etc/security/user |
| rw |
/etc/security/limits |
| rw |
/etc/security/login.cfg |
| rw |
/usr/lib/security/mkuser.default |
| rw |
/etc/security/audit/config |
Return Values
If successful, the getconfattr subroutine
returns a value of zero.
If unsuccessful, the getconfattr subroutine
returns a value of -1.
Error Codes
| Item |
Description |
|---|
| ENOENT |
The value that the Sys parameter specifies does not
exist. |
| ENOATTR |
The specified Attribute variable
is not defined for this Sys parameter. |
| EINVAL |
The Attribute or Type variable
for the specified Sys parameter is not valid. |
| EACCESS |
The user does not have access to the specified Attribute variable. |
| EIO |
Failed to access remote system information database. |
Files
| Item |
Description |
|---|
| /etc/passwd |
Contains user IDs. |