setfilexsec.1m (2010 09)
s
setfilexsec(1M) setfilexsec(1M)
Operands
setfilexsec recognizes the following operands:
filename A binary executable. Extended attributes set on executable scripts are ignored by the
kernel.
Security Restrictions
The caller must have the following authorization:
hpux.security.xsec.filexsec.unrestricted
—or—
hpux.security.xsec.filexsec.restricted
RETURN VALUE
setfilexsec returns the following values:
0 Successful completion. The security attributes are updated successfully.
>0 An error occurs. An error can be caused by an invalid option, an invalid argument, or
insufficient permissions for the user to perform the operation.
EXAMPLES
Example 1: Add a security attributes entry for the binary executable
/web/java for the first time:
setfilexsec -r cmptread \
-R policy,!changecmpt -p cmptread,cmptwrite \
-P policy -f start_nil -c web /web/java
The Example 1 command has the following effect:
When a process performs a
exec() of the binary /web/java, the process’s attributes are modified
as follows:
• The retained privilege set includes at least
cmptread and cmptwrite.
• The retained privilege set does not include
dacwrite.
• The permitted privilege set includes at least
cmptread.
• The permitted privilege set is equal to the policy privilege set (depends on the inheritable set
before the
exec()).
• The process changes its compartment to
web.
• Since the process is privilege-aware, the effective privilege set is empty (and the application
/web/java may raise the privileges in the permitted privilege set at run time).
Example 2: Modify the minimum retained privilege set and flags for the same binary:
setfilexsec -r cmptwrite -f start_full /web/java
Because the start_full flag is specified, the effective privilege set is equal to the permitted
privilege set (the application presumably does not manipulate the privileges at run time).
Example 3: Delete all extended security attributes for the same binary:
setfilexsec -d /web/jar
WARNINGS
If a binary file that has extended security attributes set is modified or replaced, the attributes are no
longer applied for that file, but are still present in system tables. On reboot, the system would detect that
the file contents have changed using a simple checksum mechanism. Upon detecting such a scenario, the
attributes of the file are ignored and an error message is issued corresponding to the file entry. For
proper operation, when a file is modified, run setfilexsec -d to remove the extended attributes
instead of relying on the checksum mechanism.
When replacing a binary, in order to retain the privileges on the binary, run
setfilexsec -d first to
remove the prior privilege attributes, replace the binary, and then run setfilexsec to re-assign attri-
butes.
Note that the NFS protocol is not extended to support extended security attributes. Hence the NFS
mounted binaries should not be configured with any extended security attributes.
2 Hewlett-Packard Company − 2 − HP-UX 11i Version 3: September 2010