Modifies the authorizations that are defined in the authorization database.
Security Library (libc.a)
The putauthattr subroutine modifies the authorization database. The subroutine can be invoked only by new authorizations or authorizations that already exist in the user-defined authorization database. Calling the putauthattr subroutine with an authorization in the system-defined authorization table will fail.
New authorizations can be added to the authorization database by calling the putauthattr subroutine with the SEC_NEW type and specifying the new authorization name. Authorization names are of a hierarchical structure (that is, parent.subparent.subsubparent). Parent authorizations must exist before the child can be created. Deletion of an authorization or authorization attribute is done using the SEC_DELETE type for the putauthattr subroutine. Deleting an authorization requires that all child authorizations have already been deleted.
Data changed by the putauthattr subroutine must be explicitly committed by calling the putauthattr subroutine with a Type parameter specifying the SEC_COMMIT type. Until all the data is committed, only the getauthattr and getauthattrs subroutines within the process return the modified data. Changes that are made to the authorization database do not impact security considerations until the entire database is sent to the Kernel Security Tables using the setkst command or until the system is rebooted.
Item | Description |
---|---|
Auth | The authorization name. This parameter must be specified unless the Type parameter is SEC_COMMIT. |
Attribute | Specifies the attribute to be written. The following
possible attributes are defined in the usersec.h file:
|
Value | Specifies a buffer, a pointer to a buffer, or a pointer to a pointer according to the values of the Attribute and Type parameters. See the Type parameter for more details. |
Type | Specifies the type of attribute. The following
valid types are defined in the usersec.h file:
|
File | Mode |
---|---|
/etc/security/authorizations | rw |
If successful, the putauthattr subroutine returns zero. Otherwise, a value of -1 is returned and the errno global value is set to indicate the error.
If the putauthattr subroutine fails, one of the following errno values is set:
Item | Description |
---|---|
EEXIST | The Type parameter is SEC_DELETE and the Auth parameter specifies an authorization that is the parent of at least one another authorization. |
EINVAL | The Auth parameter is NULL and the Type parameter is not SEC_COMMIT. |
EINVAL | The Auth parameter is default, ALL, ALLOW_OWNER, ALLOW_GROUP or ALLOW_ALL. |
EINVAL | The Auth parameter begins with aix. Authorizations with a hierarchy that begin with aix are reserved for system-defined authorizations and are not modifiable using the putauthattr subroutine. |
EINVAL | The Attribute parameter is NULL and the Type parameter is not SEC_NEW, SEC_DELETE or SEC_COMMIT. |
EINVAL | The Attribute parameter does not contain one of the defined attributes. |
EINVAL | The Type parameter does not contain one of the defined values. |
EINVAL | The Value parameter does not point to a valid buffer or to valid data for this type of attribute. |
ENOENT | The authorization specified by the Auth parameter does not exist. |
ENOENT | The Auth parameter specifies a hierarchy and the Type parameter is SEC_NEW, but the parent authorization does not exist. |
ENOMEM | Memory cannot be allocated. |
EPERM | The operation is not permitted. |