files(4)							     files(4)



NAME

  files - File control database (Enhanced Security)

DESCRIPTION

  The file control database (/etc/auth/system/files) is designed to help the
  Information System Security Officer (ISSO) maintain the integrity of the
  system. The database contains entries for system data files and executable
  files that require certain attributes. Some files require certain
  attributes to provide protection against unauthorized access, while others
  require a specific set of attributes to accomplish their intended function.

  The database is used by the library routine create_file_securely() to
  determine the set of attributes for a newly created file. Many programs
  associated with the trusted computing base (TCB) use this library routine
  for file creation to ensure that file attributes are set correctly.

  A broad range of attributes can be specified in the file control database.
  Specific choices depend upon the exact system configuration. These choices
  are as follows:

  f_owner   This field specifies the owner name for the entry. If an owner
            name is not specified and the entry is created using
            create_file_securely, the owner of the file will be the real user
            ID of the process creating the file.

  f_group   This field specifies the group name for the entry. If a group
            name is not specified and the entry is created using
            create_file_securely, the group of the file will be the real
            group ID of the process creating the file.

  f_mode    This field specifies the mode word for the entry. If the mode
            word is not specified and create_file_securely is used to create
            the entry, a mode word of 0 (zero) is assigned to the new file.

  f_type    This field identifies the type of the entry.  This field is not
            taken into account by create_file_securely when a file is being
            created. The library routine will only create regular files.
            Choices for the type field are as follows:

            r    Regular file

            d    Directory

            f    FIFO device (pipe)

            c    Character special device

            b    Block special device

            s    Socket

EXAMPLES

  The following example is a typical file control database entry for the
  program /sbin/newfs:


       /sbin/newfs:f_owner=root:f_group=bin:\
	       :f_type=r:f_mode#04111:\
	       :chkent:

  This entry specifies that the newfs program has bin as its owner and group,
  that it is a regular file, and that its mode is 0111.

  The following example shows an entry for a site-specific directory that
  contains help files for an application:

       /appl/help_files:f_owner=appadmin:f_group=appl:\
               :f_type=d:f_mode#0750:\
               :chkent:

  This entry specifies the owner of the /appl/help_files directory as
  appadmin, the group as appl, and the mode as 0750.
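
  The following Python sketch is an added example, not part of this manual
  page or of the system's own tools. It parses one entry in the layout shown
  above and lists where a file's observed attributes differ from it. The names
  parse_entry, audit and observe are hypothetical, reading a leading 0 as
  octal is an assumption, and the sample observation is constructed.

```python
import grp, os, pwd, stat

# f_type letters listed on this page, mapped to the matching stat predicate.
TYPE_CHECKS = {"r": stat.S_ISREG, "d": stat.S_ISDIR, "f": stat.S_ISFIFO,
               "c": stat.S_ISCHR, "b": stat.S_ISBLK, "s": stat.S_ISSOCK}

# Constructed sample input: the /appl/help_files entry from the EXAMPLES section.
SAMPLE = """/appl/help_files:f_owner=appadmin:f_group=appl:\\
        :f_type=d:f_mode#0750:\\
        :chkent:"""

def parse_entry(text):
    """Parse one entry into a dict; backslash-newline continues the entry."""
    joined = "".join(l.strip().rstrip("\\") for l in text.strip().splitlines())
    parts = [p for p in joined.split(":") if p]
    if len(parts) < 2 or parts[-1] != "chkent":
        raise ValueError("entry is not terminated by chkent")
    entry = {"path": parts[0]}
    for field in parts[1:-1]:
        if "=" in field:                      # string field, name=value
            key, value = field.split("=", 1)
            entry[key] = value
        elif "#" in field:                    # numeric field, name#value
            key, value = field.split("#", 1)
            # Assumption: a leading 0 marks octal, as in the f_mode examples.
            entry[key] = int(value, 8) if value.startswith("0") else int(value)
    return entry

def audit(entry, st_mode, owner, group):
    """List the ways observed attributes differ from the database entry."""
    problems = []
    if entry.get("f_owner", owner) != owner:
        problems.append(f"owner is {owner}, expected {entry['f_owner']}")
    if entry.get("f_group", group) != group:
        problems.append(f"group is {group}, expected {entry['f_group']}")
    mode = stat.S_IMODE(st_mode)
    if entry.get("f_mode", mode) != mode:
        problems.append(f"mode is {mode:04o}, expected {entry['f_mode']:04o}")
    check = TYPE_CHECKS.get(entry.get("f_type"))
    if check and not check(st_mode):
        problems.append(f"file type is not '{entry['f_type']}'")
    return problems

def observe(path):
    """Read (st_mode, owner name, group name) for a path without following links."""
    st = os.lstat(path)
    return st.st_mode, pwd.getpwuid(st.st_uid).pw_name, grp.getgrgid(st.st_gid).gr_name

if __name__ == "__main__":
    entry = parse_entry(SAMPLE)
    # Constructed observation: a world-writable directory owned by root.
    print(audit(entry, stat.S_IFDIR | 0o777, "root", "appl"))
```

  On a live system, audit(entry, *observe(entry["path"])) compares the entry
  with the file itself.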

FILES

  /etc/auth/system/files
            Specifies the pathname of the file control database.

RELATED INFORMATION

  Functions: getprfient(3)

  Files: authcap(4)