putcmdattr Subroutine

Purpose

Modifies the command security information in the privileged command database.

Library

Security Library (libc.a)

Syntax

#include <usersec.h>

int putcmdattr (Command, Attribute, Value, Type)
    char *Command;
    char *Attribute;
    void *Value;
    int Type;

Description

The putcmdattr subroutine writes a specified attribute into the command database. If the database is not open, this subroutine does an implicit open for reading and writing. Data changed by the putcmdattr subroutine must be explicitly committed by calling the putcmdattr subroutine with a Type parameter specifying SEC_COMMIT. Until all the data is committed, only the subroutines within the process return written data.

New entries in the command databases must first be created by invoking the putcmdattr subroutine with the SEC_NEW type.

Changes that are made to the privileged command database do not impact security considerations until the entire database is sent to the Kernel Security Tables using the setkst command or until the system is rebooted.

Parameters

Item Description
Command The command name. The value should be the full path to the command on the system. This parameter must be specified unless the Type parameter is SEC_COMMIT.
Attribute Specifies the attribute that is to written. The following possible attributes are defined in the usersec.h file:
S_ACCESSAUTHS
Access authorizations. The attribute type is SEC_LIST and is a null-separated list of authorization names. Sixteen authorizations can be specified. A user with any one of the authorizations can run the command. In addition to the user-defined and system-defined authorizations available on the system, the following three special values can be specified:
ALLOW_OWNER
Allows the command owner to run the command without checking for access authorizations.
ALLOW_GROUP
Allows the command group to run the command without checking for access authorizations.
ALLOW_ALL
Allows every user to run the command without checking for access authorizations.
S_AUTHPRIVS
Authorized privileges. The attribute type is SEC_LIST. Privilege authorization and authorized privileges pairs indicate process privileges during the execution of the command corresponding to the authorization that the parent process possesses. The authorization and its corresponding privileges are separated by an equal sign (=); individual privileges are separated by a plus sign (+); the authorization and privileges pairs are separated by a comma (,) as shown in the following illustration:
auth=priv+priv+...,auth=priv+priv...,...
The number of authorization/privileges pairs is limited to sixteen.
S_AUTHROLES
A role or list of roles, users having these roles have to be authenticated to allow execution of the command. The attribute type is SEC_LIST.
S_INNATEPRIVS
Innate privileges. This is a null-separated list of privileges assigned to the process when running the command. The attribute type is SEC_LIST.
S_INHERITPRIVS
Inheritable privileges. This is a null-separated list of privileges that is passed to child processes privileges. The attribute type is SEC_LIST.
S_EUID
The effective user ID to be assumed when running the command. The attribute type is SEC_INT.
S_EGID
The effective group ID to be assumed when running the command. The attribute type is SEC_INT.
S_RUID
The real user ID to be assumed when running the command. The attribute type is SEC_INT.
Value Specifies a buffer, a pointer to a buffer, or a pointer to a pointer according to the values of the Attribute and Type parameters. See the Type parameter for more details.
Type Specifies the type of attribute. The following valid types are defined in the usersec.h file:
SEC_INT
The format of the attribute is an integer.
SEC_CHAR
The format of the attribute is a null-terminated character string. The user should supply a character pointer.
SEC_LIST
The format of the attribute is a series of concatenated strings, each of which is null-terminated. The last string in the series is terminated by two successive null characters. For the putcmdattr subroutine, the user should supply a character pointer.
SEC_COMMIT
For the putcmdattr subroutine, this value specified by itself indicates that changes to the named command are to be committed to permanent storage. The Attribute and Value parameters are ignored. If no command is specified, the changes to all modified commands are committed to permanent storage.
SEC_DELETE
If the Attribute parameter is specified, the corresponding attribute is deleted from the privileged command database. If no Attribute parameter is specified, the entire command definition is deleted from the privileged command database.
SEC_NEW
Creates a new command in the privileged command database when it is specified with the putcmdattr subroutine.

Security

Files Accessed:
File Mode
/etc/security/privcmds rw

Return Values

If successful, the putcmdattr subroutine returns zero. Otherwise, a value of -1 is returned and the errno global value is set to indicate the error.

Error Codes

If the putcmdattr subroutine fails, one of the following errno values can be set:

Item Description
EINVAL The Command parameter is NULL and the Type parameter is not SEC_COMMIT.
EINVAL The Command parameter is default or ALL.
EINVAL The Attribute parameter does not contain one of the defined attributes or is NULL.
EINVAL The Type parameter does not contain one of the defined values.
EINVAL The Value parameter does not point to a valid buffer or to valid data for this type of attribute.
ENOENT The command specified by the Command parameter does not exist.
EPERM The operation is not permitted.