Purpose
Modifies
multiple command attributes in the privileged command database.
Library
Security
Library (libc.a)
Description
The putcmdattrs subroutine
modifies one or more attributes from the privileged command database.
If the database is not open, this subroutine does an implicit open
for reading and writing. The command specified by the Command parameter
must include the full path to the command and exist in the privileged
command database.
The putcmdattrs subroutine is only
used to modify attributes of existing commands in the database. To
create or remove command entries, use the putcmdattr subroutine
instead. Data changed by the putcmdattrs subroutine must be
explicitly committed by calling the putcmdattr subroutine with
a Type parameter specifying SEC_COMMIT. Until all the
data is committed, only the getcmdattr and getcmdattrs subroutines
within the process return the modified data. Changes made to the privileged
command database do not impact security considerations until the entire
database is sent to the Kernel Security Tables using the setkst command
or until the system is rebooted.
The Attributes parameter
contains information about each attribute that is to be updated. Each
values that is specified in the Attributes parameter
must be examined on a successful call to the putcmdattrs subroutine
to determine whether the Attributes parameter
was successfully written. The dbattr_t data structure contains
the following fields:
Name |
Description |
Type |
S_ACCESSAUTHS |
Access authorizations,
a null-separated list of authorization names. Sixteen authorizations
can be specified. A user with any one of the authorizations can run
the command. In addition to the user-defined and system-defined authorizations
available on the system, the following three special values can be
specified: - ALLOW_OWNER
- Allows the command owner to run the command without checking
for access authorizations.
- ALLOW_GROUP
- Allows the command group to run the command without checking
for access authorizations.
- ALLOW_ALL
- Allows every user to run the command without checking for access
authorizations.
|
SEC_LIST |
S_AUTHPRIVS |
Authorized privileges. Privilege authorization
and authorized privileges pairs indicate process privileges during
the execution of the command corresponding to the authorization that
the parent process possesses. The authorization and its corresponding
privileges are separated by an equal sign (=); individual privileges
are separated by a plus sign (+). The attribute is of the SEC_LIST type
and the value is a null-separated list, so authorization and privileges
pairs are separated by a NULL character (\0), as shown in the following
illustration: auth=priv+priv+...\0auth=priv+priv+...\0...\0\0
The
number of authorization and privileges pairs is limited to sixteen. |
SEC_LIST |
S_AUTHROLES |
A role or list of roles, users having these
roles have to be authenticated to allow execution of the command. |
SEC_LIST |
S_INNATEPRIVS |
Innate privileges. This is a null-separated
list of privileges that are assigned to the process when running the
command. |
SEC_LIST |
S_INHERITPRIVS |
Inheritable privileges. This is a null-separated
list of privileges that are assigned to child processes. |
SEC_LIST |
S_EUID |
The effective user ID to be assumed when running
the command. |
SEC_INT |
S_EGID |
The effective user ID to be assumed when running
the command. |
SEC_INT |
S_RUID |
The real user ID to be assumed when running
the command. |
SEC_INT |
Note: All the above fields corresponds to the attr_name attribute.
Item |
Description |
attr_idx |
This attribute is used internally by the putcmdattrs subroutine. |
attr_type |
The type of the attribute that is being updated. |
attr _flag |
The result of the request to update the target
attribute. On successful completion, a value of zero is returned.
Otherwise , it returns a value of nonzero. |
|
A union that contains the value to update the
requested attribute with. |
attr_domain |
This field is ignored by the putcmdattrs subroutine. |
The following union members that correspond to the definitions
of the
attr_char,
attr_int,
attr_long and
attr_llong macros
in the
usersec.h file respectively.
Item |
Description |
au_char |
A character pointer to
the value that is to be written for attributes of the SEC_CHAR and SEC_LIST types. |
au_int |
Integer value that is
to be written for attributes of the SEC_INT type. |
au_long |
Long value that is to
be written for attributes of the SEC_LONG type. |
au_llong |
Long long value that is
to be written for attributes of the SEC_LLONG type. |
Parameters
Item |
Description |
Command |
Specifies the command name for which the attributes
are to be updated. |
Attributes |
A pointer to an array of zero or more elements
of the dbattr_t type. The list of command attributes is defined
in the usersec.h header file. |
Count |
The number of array elements in the Attributes parameter. |
Security
Files
Accessed: File |
Mode |
/etc/security/privcmds
|
rw
|
Return Values
If
the command specified by the Command parameter exists in the
privileged command database, the putcmdattrs subroutine returns
zero, even in the case when no attributes in the Attributes parameter
were successfully updated. On success, the attr_flag attribute
of each element in the Attributes parameter
must be examined to determine if it was successfully updated. On failure,
a value of -1 is returned and the errno value is set to indicate
the error.
Error Codes
If the
putcmdattrs subroutine
returns -1, one of the following
errno values can be set:
Item |
Description |
EINVAL |
The Command parameter is NULL, default or ALL. |
EINVAL |
The Count parameter is less than zero. |
EINVAL |
The Attributes parameter is NULL and
the Count parameter is greater than zero. |
EINVAL |
The Attributes parameter does not point
to valid data for the requested attribute. |
ENOENT |
The command specified in the Command parameter
does not exist. |
EPERM |
The operation is not permitted. |
If the
putcmdattrs subroutine fails to update
an attribute, one of the following errors is returned in the
attr_flag field
of the corresponding
Attributes element:
Item |
Description |
EACCES |
The invoker does not have write access to the
privileged command database. |
EINVAL |
The attr_name field in the Attributes entry
is not a recognized command attribute. |
EINVAL |
The attr_type field in the Attributes entry
contains an invalid type. |
EINVAL |
The attr_un field in the Attributes entry
does not point to a valid buffer or to valid data for this type of
attribute. |