Purpose
Modifies
the command security information in the privileged command database.
Library
Security
Library (libc.a)
Description
The putcmdattr subroutine
writes a specified attribute into the command database. If the database
is not open, this subroutine does an implicit open for reading and
writing. Data changed by the putcmdattr subroutine must be
explicitly committed by calling the putcmdattr subroutine with
a Type parameter specifying SEC_COMMIT. Until all the
data is committed, only the subroutines within the process return
written data.
New entries in the command databases must first
be created by invoking the putcmdattr subroutine with the SEC_NEW type.
Changes
that are made to the privileged command database do not impact security
considerations until the entire database is sent to the Kernel Security
Tables using the setkst command or until the system is rebooted.
Parameters
Item |
Description |
Command |
The command name. The value should be the full
path to the command on the system. This parameter must be specified
unless the Type parameter is SEC_COMMIT. |
Attribute |
Specifies the attribute that is to written.
The following possible attributes are defined in the usersec.h file:
- S_ACCESSAUTHS
- Access authorizations. The attribute type is SEC_LIST and
is a null-separated list of authorization names. Sixteen authorizations
can be specified. A user with any one of the authorizations can run
the command. In addition to the user-defined and system-defined authorizations
available on the system, the following three special values can be
specified:
- ALLOW_OWNER
- Allows the command owner to run the command without checking for
access authorizations.
- ALLOW_GROUP
- Allows the command group to run the command without checking for
access authorizations.
- ALLOW_ALL
- Allows every user to run the command without checking for access
authorizations.
- S_AUTHPRIVS
- Authorized privileges. The attribute type is SEC_LIST.
Privilege authorization and authorized privileges pairs indicate process
privileges during the execution of the command corresponding to the
authorization that the parent process possesses. The authorization
and its corresponding privileges are separated by an equal sign (=);
individual privileges are separated by a plus sign (+); the authorization
and privileges pairs are separated by a comma (,) as shown in the
following illustration:
auth=priv+priv+...,auth=priv+priv...,...
The
number of authorization/privileges pairs is limited to sixteen.
- S_AUTHROLES
- A role or list of roles, users having these roles have to be authenticated
to allow execution of the command. The attribute type is SEC_LIST.
- S_INNATEPRIVS
- Innate privileges. This is a null-separated list of privileges
assigned to the process when running the command. The attribute type
is SEC_LIST.
- S_INHERITPRIVS
- Inheritable privileges. This is a null-separated list of privileges
that is passed to child processes privileges. The attribute type is SEC_LIST.
- S_EUID
- The effective user ID to be assumed when running the command.
The attribute type is SEC_INT.
- S_EGID
- The effective group ID to be assumed when running the command.
The attribute type is SEC_INT.
- S_RUID
- The real user ID to be assumed when running the command. The attribute
type is SEC_INT.
|
Value |
Specifies a buffer, a pointer to a buffer, or
a pointer to a pointer according to the values of the Attribute and Type parameters.
See the Type parameter for more details. |
Type |
Specifies the type of attribute. The following
valid types are defined in the usersec.h file: - SEC_INT
- The format of the attribute is an integer.
- SEC_CHAR
- The format of the attribute is a null-terminated character string.
The user should supply a character pointer.
- SEC_LIST
- The format of the attribute is a series of concatenated strings,
each of which is null-terminated. The last string in the series is
terminated by two successive null characters. For the putcmdattr subroutine,
the user should supply a character pointer.
- SEC_COMMIT
- For the putcmdattr subroutine, this value specified by
itself indicates that changes to the named command are to be committed
to permanent storage. The Attribute and Value parameters
are ignored. If no command is specified, the changes to all modified
commands are committed to permanent storage.
- SEC_DELETE
- If the Attribute parameter is specified, the corresponding
attribute is deleted from the privileged command database. If no Attribute parameter
is specified, the entire command definition is deleted from the privileged
command database.
- SEC_NEW
- Creates a new command in the privileged command database when
it is specified with the putcmdattr subroutine.
|
Security
Files
Accessed: File |
Mode |
/etc/security/privcmds |
rw |
Return Values
If
successful, the putcmdattr subroutine returns zero. Otherwise,
a value of -1 is returned and the errno global value is set
to indicate the error.
Error Codes
If the putcmdattr subroutine
fails, one of the following errno values can be set:
Item |
Description |
EINVAL |
The Command parameter is NULL and
the Type parameter is not SEC_COMMIT. |
EINVAL |
The Command parameter is default or ALL. |
EINVAL |
The Attribute parameter does not contain
one of the defined attributes or is NULL. |
EINVAL |
The Type parameter does not contain one
of the defined values. |
EINVAL |
The Value parameter does not point to
a valid buffer or to valid data for this type of attribute. |
ENOENT |
The command specified by the Command parameter
does not exist. |
EPERM |
The operation is not permitted. |