HP-UX Reference (11i v3 07/02) - 1M System Administration Commands A-M (vol 3)
g
getfilexsec(1M) getfilexsec(1M)
NAME
getfilexsec - display security attributes of binary executable(s)
SYNOPSIS
getfilexsec [-r][-R
][-p][-P][-f][-c] filename...
DESCRIPTION
The
getfilexsec command displays various extended security attributes associated with binary execut-
able files. These attributes include retained privileges, permitted privileges, and compartment and security
attribute flags. See privileges(5) and exec(2)
Options
The
getfilexsec command supports the following options:
-c Displays the compartment name of the file(s).
-f Displays security attribute flags. The only currently defined flag is the privilege start flag.
-p Displays the minimum permitted privileges.
-P Displays the maximum permitted privileges.
-r Displays the minimum retained privileges.
-R Displays the maximum retained privileges.
If no options are specified, all extended security attributes of the binary file(s) are displayed.
Operands
getfilexsec supports the following operand:
filename Binary executable file. All file names given as arguments must be binary executables.
Files of other types (for example, script executables, text files, and so on) are not permitted.
Security Restrictions
The user invoking this command must be able to open the directory in which the binary executable files are
present.
RETURN VALUE
getfilexsec returns the following values:
0 Successful completion. The attributes are displayed.
>0 An error occurs. An error can be caused by an invalid option or inadequate permissions to per-
form the operation.
EXAMPLES
Example 1: Display the maximum permitted privileges and privilege-aware flag of binary executable file
/web/java:
# getfilexsec -P -f /web/java
Sample output:
/web/java:
Flag: start_nil
PermittedMaxPrivileges: CMPTREAD, CMPTWRITE
SEE ALSO
setfilexsec(1M), exec(2), compartments(5), privileges(5).
HP-UX 11i Version 3: February 2007 − 1 − Hewlett-Packard Company 277