unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Page:
Section:
Apropos / Subsearch:
optional field

exec_attr(4)                     File Formats                     exec_attr(4)



NAME
       exec_attr - execution profiles database

SYNOPSIS
       /etc/security/exec_attr

DESCRIPTION
       /etc/security/exec_attr  is  a local database that specifies the execu-
       tion attributes associated with profiles. The  exec_attr  file  can  be
       used with other sources for execution profiles, including the exec_attr
       NIS map and NIS+ table. Programs use the  getexecattr(3SECDB)  routines
       to access this information.

       The search order for multiple execution profile sources is specified in
       the /etc/nsswitch.conf file, as described in the  nsswitch.conf(4)  man
       page. The search order follows the entry for prof_attr(4).

       A  profile is a logical grouping of authorizations and commands that is
       interpreted by a profile shell to form a secure execution  environment.
       The  shells that interpret profiles are pfcsh, pfksh, and pfsh. See the
       pfsh(1) man page. Each user's account is assigned zero or more profiles
       in the user_attr(4) database file.

       Each  entry in the exec_attr database consists of one line of text con-
       taining seven fields separated by colons (:). Line continuations  using
       the  backslash  (\fR) character are permitted. The basic format of each
       entry is:

              name:policy:type:res1:res2:id:attr


       name

           The name of the profile. Profile names are case-sensitive.



       policy

           The security policy that is associated with the profile entry.  The
           valid  policies are suser (standard Solaris superuser) and solaris.
           The solaris policy recognizes privileges (see  privileges(5));  the
           suser policy does not.

           The  solaris  and  suser policies can coexist in the same exec_attr
           database, so that Solaris releases prior to the current release can
           use  the  suser  policy  and  the current Solaris release can use a
           solaris policy. solaris is a superset of suser; it  allows  you  to
           specify privileges in addition to UIDs.  Policies that are specific
           to the current release of Solaris or that contain privileges should
           use  solaris.  Policies that use UIDs only or that are not specific
           to the current Solaris release should use suser.



       type

           The type of object defined in the profile. The only valid  type  is
           cmd.



       res1

           Reserved for future use.



       res2

           Reserved for future use.



       id

           A  string that uniquely identifies the object described by the pro-
           file. For a profile of type cmd, the id is either the full path  to
           the  command or the asterisk (*) symbol, which is used to allow all
           commands. An asterisk that replaces the  filename  component  in  a
           pathname indicates all files in a particular directory.

           To  specify  arguments, the pathname should point to a shell script
           that is written to execute the command with the  desired  argument.
           In  a  Bourne  shell, the effective UID is reset to the real UID of
           the process when the effective UID is less than 100 and  not  equal
           to  the  real  UID.  Depending  on the euid and egid values, Bourne
           shell limitations might make other shells  preferable.  To  prevent
           the effective UIDs from being reset to real UIDs, you can start the
           script with the -p option.


           #!/bin/sh -p



       attr

           An optional list of semicolon-separated (;)  key-value  pairs  that
           describe the security attributes to apply to the object upon execu-
           tion. Zero or more keys may be specified. The  list  of  valid  key
           words  depends  on the policy enforced. The following key words are
           valid: euid, uid, egid, and gid.

           euid and uid contain a single user name or a numeric user ID.  Com-
           mands  designated  with  euid run with the effective UID indicated,
           which is similar to setting the setuid bit on an  executable  file.
           Commands  designated  with uid run with both the real and effective
           UIDs. Setting uid may be more appropriate than setting the euid  on
           privileged shell scripts.

           egid  and  gid  contain  a single group name or a numeric group ID.
           Commands designated with egid run with the effective GID indicated,
           which is similar to setting the setgid bit on a file. Commands des-
           ignated with gid run with both the real and effective GIDs. Setting
           gid  may  be more appropriate than setting guid on privileged shell
           scripts.

           privs contains a privilege set which will be added to the inherita-
           ble set prior to running the command.

           limitprivs  contains  a privilege set which will be assigned to the
           limit set prior to running the command.

           privs and limitprivs are only valid for the solaris policy.



EXAMPLES
       Example 1: Using effective user and group IDs

       The following example shows the audit command specified  in  the  Audit
       Control  profile  to  execute with an effective user ID of root (0) and
       effective group ID of bin (3):


       Audit Control:suser:cmd:::/etc/init.d/audit:euid=0;egid=3


FILES
       /etc/nsswitch.conf

       /etc/user_attr

       /etc/security/exec_attr

CAVEATS
       When deciding which authorization source to use (see DESCRIPTION), keep
       in mind that NIS+ provides stronger authentication than NIS.

       Because  the  list  of  legal  keys  is likely to expand, any code that
       parses this database must be written to ignore unknown key-value  pairs
       without  error.  When any new keywords are created, the names should be
       prefixed with a unique string, such as the company's stock  symbol,  to
       avoid potential naming conflicts.

       The following characters are used in describing the database format and
       must be escaped with a backslash if used as data: colon (:),  semicolon
       (;), equals (=), and backslash (\fR).

SEE ALSO
       auths(1),    profiles(1),    roles(1),   sh(1),   makedbm(1M),   getau-
       thattr(3SECDB),   getauusernam(3BSM),   getexecattr(3SECDB),    getpro-
       fattr(3SECDB),  getuserattr(3SECDB),  kva_match(3SECDB),  auth_attr(4),
       prof_attr(4), user_attr(4), privileges(5)



SunOS 5.10                        22 Nov 2004                     exec_attr(4)