HP-UX Reference (11i v3 07/02) - 1M System Administration Commands A-M (vol 3)
c
cmdprivadm(1M) cmdprivadm(1M)
cmdprivadm with particular options:
hpux.security.access.privrun.add,*
Allows user to run cmdprivadm with add options.
hpux.security.access.privrun.delete,*
Allows user to run cmdprivadm with delete
options.
EXTERNAL INFLUENCES
Environment Variables
LC_MESSAGES determines the language in which messages are displayed.
International Code Set Support
Single-byte character code set is supported.
RETURN VALUE
Upon completion, cmdprivadm returns one of the following values:
0 Success.
1 Failure. An appropriate error message is printed on standard error.
EXAMPLES
The following commands add entries into the /etc/rbac/cmd_priv
file:
# cmdprivadm add cmd=’/sbin/mount -a’ op=hpux.adm.mount \
> object=’*’ ruid=0 euid=0 rgid=0 egid=0 compartment=testcomp \
> privs=BASICROOT,CHANGECMPT re-auth=passwd
# cmdprivadm add cmd=/sbin/mount op=hpux.printer.add object=’*’
The following commands delete entries from the /etc/rbac/cmd_priv
file:
# cmdprivadm delete cmd=’/sbin/mount -a’
# cmdprivadm delete cmd=/sbin/mount
FILES
/etc/rbac/roles
Database containing valid definitions of all roles.
/etc/rbac/auths
Database containing definitions of all valid authorizations.
/etc/rbac/user_role
Database specifying the roles allowed for each specified user.
/etc/rbac/role_auth
Database defining the authorizations for each specified role.
/etc/rbac/cmd_priv
Database containing the authorization to execute specified commands, and the
privileges to alter UID and GID for command execution.
SEE ALSO
authadm(1M), privrun(1M), rbacdbchk(1M), roleadm(1M), rbac(5).
HP-UX 11i Version 3: February 2007 − 2 − Hewlett-Packard Company 121