secstat(1) C2 Trusted DG/UX 5.4.2T secstat(1)
NAME
secstat - list security attribute status
SYNOPSIS
secstat [-alpqr] [-c | -b] object ...
where:
object is a pathname
DESCRIPTION
The secstat command displays the status of the security attributes on
a file object, based upon the information in the file object's
internal data structures. The information returned indicates:
⊕ whether a file has an extended ACL
⊕ whether a directory has a default ACL
Options are:
-a Causes secstat to display status information of files beginning
with '.', when the -r option is selected.
-b Display security attribute status information in binary form.
-c Display security attribute status information in character
format (the default).
-l Causes secstat to not process target files that are symbolic
links (i.e., links are not resolved, and no information about a
link itself is displayed).
-p Causes the absolute pathname of the file to be displayed with
all symbolic links resolved (assuming the absence of the -l
option).
-q Stops secstat from writing diagnostic messages. The usage error
message is always written.
-r causes secstat to recursively descend through directory file
objects, displaying the security attribute status of each file
object.
-c and -b cannot both be specified.
Output Format
If no output format is specified, or -c is specified, then the
secstat command displays the security attribute status information in
character format.
The first line will list the object type (directory, file, pipe),
followed by a colon and a space, followed by the object name.
The second line will indicate whether the file object has a minimum
Licensed material--property of copyright holder(s) 1
secstat(1) C2 Trusted DG/UX 5.4.2T secstat(1)
ACL or an extended ACL (minimum ACL, extended ACL). If the file
object is a directory that has a default ACL, this line will also
include a second, space-separated field so indicating ( default ACL).
If binary output format is specified (-b), then the secstat command
displays the object type, followed by a colon, a space, and the
object name, followed by a colon, a space and the hex value of the
secpattrs field (see dgsecstat(2)). If the object is a directory,
this information is followed by a space and the hex value of the
directory subtype field.
The output for each object will be followed by a blank line.
EXAMPLES
A directory /regdir has no extended ACL.
$secstat regdir
directory file: regdir
minimum ACL
A regular file /regfile has an extended ACL.
$secstat regfile
file: regfile
extended ACL
Both file objects above are specified on the same command line.
$secstat regdir regfile
directory file: regdir
minimum ACL
file: regfile
extended ACL
DIAGNOSTICS
secstat writes all diagnostic messages to stderr. The secstat
command exits with one of the following values:
0 The security attribute status of all file objects was
successfully reported.
2 secstat could not access one or more file objects.
3 secstat usage is wrong
NOTES
It is of little interest to see the security attributes of symbolic
links. These attributes play no role in the Trusted access control
policy or mechanism.
The absence of any security attribute that would occupy space in the
ufia (e.g., a file with a minimum ACL) does not assure that the file
has no ufia. There are other entities that can be placed in the
Licensed material--property of copyright holder(s) 2
secstat(1) C2 Trusted DG/UX 5.4.2T secstat(1)
ufia, such as by the dgsetftamattrs(2) system call, or by site
specific commands or device drivers.
SEE ALSO
dgsecstat(2)
Trusted Facility Manual for the C2 Trusted DG/UX System
Licensed material--property of copyright holder(s) 3