wlixfr.1 (2011 03)
wlixfr(1)
Optional WLI Product Required
NAME
wlixfr - transfer WLI file access policies
SYNOPSIS
wlixfr -s sourcefile [-k privkey] [-p src:val] targetfile
wlixfr -h
DESCRIPTION
wlixfr will transfer WLI file access policies from sourcefile to targetfile. For more information on WLI
file access policies, see wli(5). To read a policy from sourcefile, the user must have read permission for
sourcefile. To transfer a policy to targetfile, the user must be the owner and have write permission to
targetfile.
wlixfr is primarily intended to be a convenient means of transferring file access policies from a single
source file. WLI file access policies are created by wlipolicy(1).
If privkey is an authorized administrator key, policy transfers will complete even if the targetfile owner
ID does not match the process effective user ID. The policy metadata signature is generated with privkey.
If privkey is not supplied, the metadata signature generated with the policy for the sourcefile owner is
copied intact to targetfile. This requires that the key used to generate the policy for sourcefile has been
authorized as a WLI user or administrator key. This key will then be able to modify and delete the policy
on targetfile with wlipolicy(1).
If privkey is supplied, the policy metadata signature from sourcefile is discarded. The policy metadata
signature is then generated on targetfile using the supplied privkey. Subsequent add or delete operations
on targetfile with wlipolicy(1) will then require privkey. For WLI user keys, the process effective
user ID must match the owner ID of targetfile.
If sourcefile has a FLAC policy that was created using the wlipolicy fingerprint option -s, privkey is
not optional. The cryptographic fingerprint of targetfile replaces that of sourcefile. The targetfile
fingerprint implies that a new signature is generated with privkey.
To authenticate file access policy signatures, the public key extracted from privkey must be authorized as
a WLI user or administrator key. For more information on public key management, see wlicert(1M).
If privkey has not been authorized as a WLI key, a file access policy for targetfile will not be enforced by
WLI for any security attribute values. For more information on retrieving and setting security attribute
values, see wlisyspolicy(1M).
The wlixfr command is installed with the optional HP-UX Whitelisting (WLI) product.
Options
-h             Displays wlixfr command syntax.
-k privkey     File containing a private RSA key in PEM format. If supplied, the file access
               policies will have metadata signatures generated with this key. This key is
               required if a file access policy was generated with the wlipolicy(1)
               fingerprint option.
-p src:val     The passphrase source for privkey. For more information on passphrase source
               syntax, see wli(5).
-s sourcefile  File with WLI policy record(s) that will be transferred to targetfile.
RETURN VALUE
wlixfr returns the following:
Failure A message and exit code of 1.
Success An exit code of 0.
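The following is an added example, not part of the original manual page or HP's code: a POSIX shell pre-flight that checks the file permission, ownership and PEM key conditions from DESCRIPTION and Options before invoking wlixfr. The function names, return codes 2 to 4 and the key file-mode check are assumptions of this example; whether a key is WLI-authorized cannot be checked here, and -p is not handled.

```shell
#!/bin/sh
# Added example (not HP's code): pre-flight checks before a wlixfr transfer.
# Return codes are constructed for this example:
#   0 = ok, 2 = sourcefile problem, 3 = targetfile problem, 4 = privkey problem

wlixfr_preflight() {
    _src=$1; _tgt=$2; _key=${3:-}

    # Reading a policy requires read permission on sourcefile.
    if [ ! -f "$_src" ] || [ ! -r "$_src" ]; then
        echo "preflight: cannot read sourcefile $_src" >&2; return 2
    fi
    # Writing a policy requires write permission on targetfile.
    if [ ! -f "$_tgt" ] || [ ! -w "$_tgt" ]; then
        echo "preflight: cannot write targetfile $_tgt" >&2; return 3
    fi
    if [ -z "$_key" ]; then
        # Without -k, the effective user must own targetfile.
        [ -O "$_tgt" ] && return 0
        echo "preflight: not owner of $_tgt and no -k privkey given" >&2; return 3
    fi
    # With -k, only an authorized administrator key waives the owner match.
    [ -O "$_tgt" ] || echo "preflight: not owner of $_tgt; needs an administrator key" >&2

    # -k expects a PEM private key: check the first line of the file.
    [ -r "$_key" ] || { echo "preflight: cannot read privkey $_key" >&2; return 4; }
    IFS= read -r _hdr < "$_key" || :
    case $_hdr in
        "-----BEGIN "*"PRIVATE KEY-----") ;;
        *) echo "preflight: $_key is not a PEM private key" >&2; return 4 ;;
    esac
    # Hygiene check added here (not a WLI rule): no group/other mode bits on the key.
    _mode=$(ls -ld "$_key" | cut -c5-10)
    [ "$_mode" = "------" ] || { echo "preflight: $_key mode too open" >&2; return 4; }
    return 0
}

# Run the checks, then the transfer; wlixfr exits 0 on success, 1 on failure.
wli_transfer() {
    wlixfr_preflight "$1" "$2" "${3:-}" || return $?
    if [ -n "${3:-}" ]; then
        wlixfr -s "$1" -k "$3" "$2"
    else
        wlixfr -s "$1" "$2"
    fi
}
```

Call it as wli_transfer sourcefile targetfile [privkey]; a nonzero status other than 1 means the transfer was never attempted.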
EXAMPLES
Transfer all file access policies from jackfile1 to jackfile2. There is no FLAC policy on jackfile1
with the fingerprint option, so no private key is needed. The WLI key for generating policies on
jackfile1 is the same as desired for jackfile2, so the policy signature does not need recalculation:
% wlixfr -s jackfile1 jackfile2
Transfer all file access policies from joefile to jackfile, and change the policy-generating private
key to keys/admpriv. The administrator private key keys/admpriv allows the administrator
HP-UX 11iv3: Sep 2010 Web Release − 1 − Hewlett-Packard Company 1