HP-UX Reference (11i v3 07/02) - 1M System Administration Commands N-Z (vol 4)
privedit(1M) privedit(1M)
International Code Set Support
Single-byte character code set is supported.
RETURN VALUE
Success
If privedit permitted the user to edit the file, then the return value from privedit is the return value of the editor used to edit the file.
Failure
privedit returns a value of 1 and an appropriate error message is printed to standard error.
EXAMPLES
Example 1
In the following example, the caller invokes privedit to edit /etc/fstab.
# privedit /etc/fstab
The /etc/rbac/cmd_priv database is examined for an entry corresponding to the file /etc/fstab. If this entry is found, then the necessary authorization is retrieved from that entry. privedit then determines whether the user has the necessary authorization and whether the file is allowed to be edited as determined by the value in the flag field. privedit then invokes the editor to edit a copy of /etc/fstab, as the original file is never edited directly.
The EDITOR environment variable determines which editor privedit invokes. If a user does not set the
EDITOR environment variable, privedit uses the default editor, vi. After the user exits the editor, the
edited file replaces the original file. The editor is always invoked as the regular user so that there are no
additional privileges given to the user while the file is being edited.
Example 2
In the next example, the caller wants to edit the file /etc/default/security with a specific authorization of (hpux.sec.edit,secfile).
# privedit -a "(hpux.sec.edit,secfile)" /etc/default/security
If a /etc/rbac/cmd_priv entry exists for the file /etc/default/security with the associated authorization (hpux.sec.edit,secfile) and editing is allowed per the flag field, then the usual authorization/edit process takes place. If this entry does not exist (even if an entry for /etc/default/security appears with a different associated authorization (operation,object)), then privedit fails and prints an error message.
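The authorization check and copy-then-replace flow described in Examples 1 and 2, modelled in Python. This is an added illustration, not HP-UX code: the entry tuples are a constructed stand-in for /etc/rbac/cmd_priv (not its on-disk format), the names find_authorization and privedit_model are hypothetical, authorizations are compared by exact match, and no privilege change is performed.

```python
import os
import shlex
import shutil
import subprocess
import sys
import tempfile

# Constructed stand-in for cmd_priv entries: (file, (operation, object), edit allowed).
# An in-memory model only; it does not reproduce the on-disk format of the database.
ENTRIES = [("/etc/default/security", ("hpux.sec.edit", "secfile"), True)]


def find_authorization(entries, path, requested=None):
    """Return the authorization guarding `path`, or None if editing is not permitted.

    With `requested` (the -a case) only an entry carrying exactly that pair counts;
    an entry for the same file with a different (operation, object) does not.
    """
    for entry_path, auth, edit_allowed in entries:
        if entry_path == path and edit_allowed and requested in (None, auth):
            return auth
    return None


def privedit_model(entries, user_auths, path, requested=None, env=None):
    """Return the editor's exit status on success, 1 on any failure."""
    env = os.environ if env is None else env
    auth = find_authorization(entries, path, requested)
    if auth is None or auth not in user_auths:
        print("privedit (model): not authorized to edit " + path, file=sys.stderr)
        return 1
    editor = shlex.split(env.get("EDITOR", "")) or ["vi"]  # vi when EDITOR is unset
    fd, copy = tempfile.mkstemp(prefix="privedit.")
    os.close(fd)
    try:
        shutil.copyfile(path, copy)                # the original is never edited directly
        status = subprocess.call(editor + [copy])  # model changes no privileges
        shutil.copyfile(copy, path)                # edited copy replaces the original
        return status
    except OSError as exc:
        print("privedit (model): " + str(exc), file=sys.stderr)
        return 1
    finally:
        os.unlink(copy)
```

The page does not describe a special case for a non-zero editor status, so the model replaces the original whenever the editor exits and passes the status through.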
FILES
/etc/rbac/roles
Database containing valid definitions of all roles.
/etc/rbac/auths
Database containing definitions of all valid authorizations.
/etc/rbac/user_role
Database specifying the roles for each specified user.
/etc/rbac/role_auth
Database defining the authorizations for each role.
/etc/rbac/cmd_priv
Database that contains the authorization to execute or edit specified commands or files, and the privileges to alter UID and GID for command execution.
SEE ALSO
privrun(1M), rbacdbchk(1M), acps(3), acps.conf(4), rbac(5).
Hewlett-Packard Company    HP-UX 11i Version 3: February 2007