privrun.1m (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

privrun(1M) privrun(1M)

Operands

privrun recognizes the following operands:

command [args ] The HP-UX command to run. command must be fully qualiﬁed. If it is not, then

privrun will use the current working directory and the

PATH environment vari-

able to determine the desired command. args speciﬁes any argument that the com-

mand recognizes.

The cmd_priv Database

The

/etc/rbac/cmd_priv

ﬁle contains information on which authorizations are required to execute

each command binary, or edit each ﬁle. It also has the resulting privileges (real, effective UID and GID,

ﬁne-grained privileges, compartment) associated with the binary. If the user is required to reauthenti-

cate prior to successful authorization, a PAM service name is speciﬁed in this ﬁle and indicates how

privrun should identify itself to PAM. See pam.conf (4) for more detailed information.

The ﬁle contains any number of entries, where each entry is speciﬁed on a single line in the following for-

mat:

{command|ﬁle}

: arguments

:(operation ,object ):ruid/euid/rgid/egid : compartment :

privs :

pam-service : ﬂags

These ﬁelds are deﬁned as follows:

Field Description

command|file For

privrun, the fully qualiﬁed path of the command being wrapped to provide

additional privileges.

For

privedit, the fully qualiﬁed path of a ﬁle to edit.

This ﬁeld may contain wildcards as deﬁned in fnmatch (3C).

arguments The exact set of arguments (matched as a string) the user must invoke. If this

ﬁeld is empty, the command may not be invoked with any arguments. If this ﬁeld

contains the keyword

DFLT, the speciﬁed command may be invoked with any

arguments. This ﬁeld is only used by privrun and ignored by privedit.

(operation ,object ) The operation the user is required to have on the object speciﬁed. Together, the

(operation ,object ) forms the authorization. operation must be fully qualiﬁed

and cannot contain a wild card (

*).

An entry of

all in object requires that the user has the speciﬁed operation on all

objects. (Note : This is satisﬁed by a speciﬁcation of (operation

,*) in the

/etc/rbac/role_auth

database if RBAC is in use.)

This ﬁeld may contain the keyword (

DFLT, DFLT) instead of (operation

,object ),

which indicates that no access check is required and the command is invoked

with privilege for any user.

ruid

/euid/rgid/egid Real/Effective UID/GID. Part of the privileges granted to the wrapped command

(process) if the user has the speciﬁed authorization. If any of these ﬁelds are

speciﬁed, privrun calls setresuid or setresgid before invoking the com-

mand. These ﬁelds can also be speciﬁed by name, in which case a conversion will

be performed at invocation time. This ﬁeld is only used by privrun and ignored

by privedit.

The UID and GID speciﬁcations in this ﬁeld are optional. No ID present indicates

the ﬁeld is to remain unchanged; however, the slash (

/) characters separating the

IDs must remain.

compartment Compartment to invoke application in. A compartment is an attribute associated

with a process to compartmentalize different OS processes. If compartments are

not enabled on the system, this ﬁeld should be set to

DFLT. An error may occur if

this ﬁeld is left empty. Refer to compartments (5) for more information on com-

partments. This ﬁeld is only used by privrun and ignored by privedit.

privs Fine-grained privileges to be associated with

command at invocation. These

privileges may be used in lieu of UID=0 to perform speciﬁc kernel operations. If

the ﬁeld is set to DFLT, basic privileges will be granted to the process. Refer to

privileges (5) for more detailed information. This ﬁeld is only used by privrun

and ignored by privedit.

2 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: September 2010