putcmdattr Subroutine

Purpose

Modifies the command security information in the privileged command database.

Library

Security Library (libc.a)

Syntax

#include <usersec.h>

int putcmdattr (Command, Attribute, Value, Type)
    char *Command;
    char *Attribute;
    void *Value;
    int Type;

Description

The putcmdattr subroutine writes a specified attribute into the command database. If the database is not open, this subroutine does an implicit open for reading and writing. Data changed by the putcmdattr subroutine must be explicitly committed by calling the putcmdattr subroutine with a Type parameter specifying SEC_COMMIT. Until all the data is committed, only the subroutines within the process return written data.

New entries in the command databases must first be created by invoking the putcmdattr subroutine with the SEC_NEW type.

Changes that are made to the privileged command database do not impact security considerations until the entire database is sent to the Kernel Security Tables using the setkst command or until the system is rebooted.

Parameters

Item	Description
Command	The command name. The value should be the full path to the command on the system. This parameter must be specified unless the Type parameter is SEC_COMMIT.
Attribute	Specifies the attribute that is to written. The following possible attributes are defined in the usersec.h file: S_ACCESSAUTHS Access authorizations. The attribute type is SEC_LIST and is a null-separated list of authorization names. Sixteen authorizations can be specified. A user with any one of the authorizations can run the command. In addition to the user-defined and system-defined authorizations available on the system, the following three special values can be specified: ALLOW_OWNER Allows the command owner to run the command without checking for access authorizations. ALLOW_GROUP Allows the command group to run the command without checking for access authorizations. ALLOW_ALL Allows every user to run the command without checking for access authorizations. S_AUTHPRIVS Authorized privileges. The attribute type is SEC_LIST. Privilege authorization and authorized privileges pairs indicate process privileges during the execution of the command corresponding to the authorization that the parent process possesses. The authorization and its corresponding privileges are separated by an equal sign (=); individual privileges are separated by a plus sign (+); the authorization and privileges pairs are separated by a comma (,) as shown in the following illustration: `auth=priv+priv+...,auth=priv+priv...,...` The number of authorization/privileges pairs is limited to sixteen. S_AUTHROLES A role or list of roles, users having these roles have to be authenticated to allow execution of the command. The attribute type is SEC_LIST. S_INNATEPRIVS Innate privileges. This is a null-separated list of privileges assigned to the process when running the command. The attribute type is SEC_LIST. S_INHERITPRIVS Inheritable privileges. This is a null-separated list of privileges that is passed to child processes privileges. The attribute type is SEC_LIST. S_EUID The effective user ID to be assumed when running the command. The attribute type is SEC_INT. S_EGID The effective group ID to be assumed when running the command. The attribute type is SEC_INT. S_RUID The real user ID to be assumed when running the command. The attribute type is SEC_INT.
Value	Specifies a buffer, a pointer to a buffer, or a pointer to a pointer according to the values of the Attribute and Type parameters. See the Type parameter for more details.
Type	Specifies the type of attribute. The following valid types are defined in the usersec.h file: SEC_INT The format of the attribute is an integer. SEC_CHAR The format of the attribute is a null-terminated character string. The user should supply a character pointer. SEC_LIST The format of the attribute is a series of concatenated strings, each of which is null-terminated. The last string in the series is terminated by two successive null characters. For the putcmdattr subroutine, the user should supply a character pointer. SEC_COMMIT For the putcmdattr subroutine, this value specified by itself indicates that changes to the named command are to be committed to permanent storage. The Attribute and Value parameters are ignored. If no command is specified, the changes to all modified commands are committed to permanent storage. SEC_DELETE If the Attribute parameter is specified, the corresponding attribute is deleted from the privileged command database. If no Attribute parameter is specified, the entire command definition is deleted from the privileged command database. SEC_NEW Creates a new command in the privileged command database when it is specified with the putcmdattr subroutine.

Security

Files Accessed:

File	Mode
/etc/security/privcmds	rw

Return Values

If successful, the putcmdattr subroutine returns zero. Otherwise, a value of -1 is returned and the errno global value is set to indicate the error.

Error Codes

If the putcmdattr subroutine fails, one of the following errno values can be set:

Item	Description
EINVAL	The Command parameter is NULL and the Type parameter is not SEC_COMMIT.
EINVAL	The Command parameter is default or ALL.
EINVAL	The Attribute parameter does not contain one of the defined attributes or is NULL.
EINVAL	The Type parameter does not contain one of the defined values.
EINVAL	The Value parameter does not point to a valid buffer or to valid data for this type of attribute.
ENOENT	The command specified by the Command parameter does not exist.
EPERM	The operation is not permitted.