getfilexsec.1m (2010 09)
g
getfilexsec(1M) getfilexsec(1M)
NAME
getfilexsec - display security attributes of binary executable(s)
SYNOPSIS
getfilexsec [-r][-R
][-p][-P][-f][-c] filename ...
DESCRIPTION
The
getfilexsec command displays various extended security attributes associated with binary exe-
cutable files. These attributes include retained privileges, permitted privileges, and compartment and
security attribute flags. See privileges (5) and exec(2)
Options
The
getfilexsec command supports the following options:
-c Displays the compartment name of the file(s).
-f Displays security attribute flags. The only currently defined flag is the privilege start
flag.
-p Displays the minimum permitted privileges.
-P Displays the maximum permitted privileges.
-r Displays the minimum retained privileges.
-R Displays the maximum retained privileges.
If no options are specified, all extended security attributes of the binary file(s) are displayed.
Operands
getfilexsec supports the following operand:
filename Binary executable file. All file names given as arguments must be binary executables.
Files of other types (for example, script executables, text files, and so on) are not permit-
ted.
Security Restrictions
The user invoking this command must be able to open the directory in which the binary executable files
are present.
RETURN VALUE
getfilexsec returns the following values:
0 Successful completion. The attributes are displayed.
>0 An error occurs. An error can be caused by an invalid option or inadequate permissions to per-
form the operation.
EXAMPLES
Example 1: Display the maximum permitted privileges and privilege-aware flag of binary executable file
/web/java:
# getfilexsec -P -f /web/java
Sample output:
/web/java:
Flag: start_nil
PermittedMaxPrivileges: CMPTREAD, CMPTWRITE
SEE ALSO
setfilexsec(1M), exec(2), compartments(5), privileges(5).
HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1