HP-UX 11i Security Containment Administrator's Guide for HP-UX 11i v2
-a
Matches only those entries requiring the specified authorization. Authorization is defined
as (operation, object) pairs in the /etc/rbac/cmd_priv database file. The specified
authorization must exactly match the authorization present in the /etc/rbac/cmd_priv
file—wildcards are not supported.
-c Matches the specified compartment in the /etc/rbac/cmd_priv database file. The
specified compartment must exactly match the compartment present in
/etc/rbac/cmd_priv.
-p Matches the specified privileges with the privileges in the /etc/rbac/cmd_priv database
file. You can specify more than one privilege. When specifying multiple privileges, separate
each privilege with a comma. Be aware when you specify a privilege using the privrun
-p option that privrun will match all entries that contain the specified privilege—including
groups of privileges and compound privileges that include the -p specified privilege. The
privrun command will execute according to the first match in /etc/rbac/cmd_priv.
-x Uses a fall-through mode that modifies the behavior of privrun only when an authorization
or authentication check fails. Rather than exiting with an error message, the target command
runs, but without any additional privileges. The target command executes as though the
user ran the command directly without privrun.
-v Invokes privrun in verbose mode. The verbose level increases if two -v options are
specified. An increased verbose level prints more information.
-h Prints privrun help information.
-t
Uses a test mode that performs all the normal authorization and authentication checks
according to the configuration files to see if the desired privrun invocation will succeed.
The only difference is that instead of executing the command, upon success, privrun -t
just returns. Use this to preview whether a given privrun invocation will succeed.
The following is an example of the most basic privrun usage—wrapping a legacy application.
In this case, the ipfstat command runs as a privrun command argument in order to run
according to the authorizations associated with the invoking user:
# privrun ipfstat
As long as the user logged in has the necessary authorization, defined in /etc/rbac/cmd_priv,
the privrun wrapper command will execute the legacy command with the privileges (UID and
GID) defined in the /etc/rbac/cmd_priventry.
Multiple entries can exist for the same command, potentially with different required authorizations
and different resulting privileges. In this case, privrun iterates sequentially through the
/etc/rbac/cmd_priv database, executing the first command the user is authorized for.
In some cases, this may not be ideal. For example, all users may be allowed to run the passwd
command to change their own password but if a user administrator runs it, he or she needs the
privileges to change other users' passwords. If the entry for all the normal users is listed before
the entry for the user administrators, it is executed first, and this might prevent the user
administrators from running the more privileged version.
For cases like this, privrun has options that allow users to specify the desired privileges. Only
entries matching the specified privileges (for example, UID) are used. If no entries match the
desired privileges, privrun returns an error message.
The following is an example invocation of privrun that matches only entries where the effective
UID is set to 0:
# privrun -u 0 ipfstat
Using HP-UX RBAC 47