lskst Command

Purpose

Lists the entries in the kernel security tables.

Syntax

lskst -t table [-C | -f ] [Name [, Name]...]

Description

The lskst command reads the kernel security tables (KST) and displays the information on standard output (stdout). The output of the lskst command might differ from what is displayed by the lsauth, lsrole and lssecattr commands if the associated file databases are modified after the databases are sent to the KST through the setkst command.

Specify the table to be displayed with the -t flag. By default, all the information in the specified table is displayed. Alternatively, a specific entry in the table can be selected by specifying the Name parameter.

By default, the lskst command lists the attributes of each entry on one line. It displays attribute information as Attribute = Value definitions, each separated by a blank space. To list the table attributes in stanza format, use the -f flag. To list the information as colon-separated records, use the -C flag.

Flags

Item Description
-C Displays the table attributes in colon-separated records as follows:
#name:attribute1:attribute2:...
entry_name:value1:value2:...
-f Displays the output in stanzas, with each stanza identified by the entry name. Each Attribute = Value pair is listed on a separate line:
entry_name:
        attribute1=value
        attribute2=value
        attribute3=value
-t table Retrieves data from the specified security table from the KST. The parameter for the -t flag can be one of the following values:
auth
Authorizations table
role
Role table
cmd
Privileged command table
dev
Privileged device table
dom
Domains
domobj
Domain objects

Parameters

Item Description
Name Represents a specific entry of a kernel table. It can be an authorization, a role, a privileged command or a privileged device, depending on the table specified by the -t table flag.

Security

The lskst command is a privileged command. You must assume a role that has the following authorization to run the command successfully.
Item Description
aix.security.kst.list Required to run the command.

Examples

  1. To retrieve all the entries in the role table from the KST, use the following command:
    lskst -t role
  2. To display the entry for the /usr/bin/mycmd command from the privileged command table in stanza format, use the following command:
    lskst -t cmd -f /usr/bin/mycmd
  3. To display the aix.security authorization table in the kernel, use the following command:
    lskst -t auth aix.security
  4. To retrieve all the entries in the domain object table from the KST, use the following command:
    lskst -t domobj