authorize(F)


authorize -- subsystem authorization file

Format

authorization:[secondary_authorization,...]

Description

The authorize file (/etc/auth/system/authorize) contains subsystem authorizations supported by the system. Each unique authorization must be defined in this file in order to be used by an application.

An authorization may specify optional secondary subsystem authorizations (secondary_authorization) that subdivide the facilities controlled by the primary authorization; having the primary authorization implies that its secondary authorizations are also in effect.

The list of supported subsystem authorizations can vary according to the system configuration. Subsystem authorizations can be added dynamically by editing authorize.

The following authorizations are supported:


audit
    allows a user to perform audit subsystem administration; audit has the following default secondary authorization:

    audittrail
        allows a user to view those portions of the audit trail generated by their own processes

auth
    allows a user to perform authentication subsystem administration; auth has the following default secondary authorizations:

    passwd
        allows a user to change the password of any account provided that account does not have the auth authorization

    su
        allows a user to su to any account for which the password is known

backup
    allows a user to perform backup subsystem administration; backup has the following default secondary authorizations:

    create_backup
        allows a user to create backups

    queryspace
        allows a user to use the df command

    restore
        allows a user to restore from backups

cron
    allows a user to act as cron subsystem administrator

lp
    allows a user to act as line printer subsystem administrator; lp has the following default secondary authorizations:

    printerstat
        allows a user to enable and disable printers

    printqueue
        allows a user to list the jobs in the printer queue

mem
    allows a user to view system process data for all processes

root
    allows a user to run the asroot command; root has the following removable default secondary authorization:

    shutdown
        allows a user to run the shutdown command via asroot

sysadmin
    not currently used; included for backwards compatibility

terminal
    allows a user to override message filtering when sending data to another user's terminal

uucp
    not currently used; included for backwards compatibility

Examples

The following entry from authorize means that users given lp authorization will also have printqueue and printerstat secondary authorization:
   lp:printqueue,printerstat

Warning

Primary and secondary authorizations must never be deleted from authorize as shipped; authorizations may only be added to the base set. Note that shutdown is the only exception and may be removed if necessary.

Limitations

The total number of primary and secondary authorizations specified must not exceed 32. This limit is imposed by the current implementation.

Files


/etc/auth/system/authorize
subsystem authorizations database

See also

asroot(ADM), cron(C), df(C), shutdown(ADM), su(C), subsystem(M)

Standards conformance

authorize is not part of any currently supported standard; it is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005