Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ authlist(1M) — DG/UX R4.11MU05

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

authck(1M)

secconfig(1)



authlist(1M)             DG/UX B2 Security R4.12MU02            authlist(1M)


NAME
       authlist - list a user's authorizations and session attributes

SYNOPSIS
       authlist user-name

DESCRIPTION
       The authlist command presents a user's Base Session Attributes and a
       list of the authorizations available to that user along with the
       session attributes directly associated with each authorization.  In
       all cases, what is presented is the object name associated with a
       particular aspect of the user's account.  Use sysadm(1M) to determine
       the underlying value an object contains.

       A user's authorization is a combination of three selector values, one
       each for:

       Service - The name of a particular service for which the user is
              authorized.

       Location and Time Restrictions - From where and when the user may
              access a service.  Referred to as Loc/Time in the authlist
              output.

       Clearance Range - The minimum and maximum clearance values at which a
              user is authorized to initiate a given service.

       These values are used to determine if a user is authorized to use a
       service to initiate a particular session (e.g., login from a
       laboratory terminal at 9 a.m. at the RESTRICTED clearance level).
       Each session attribute value associated with an authorization may be
       specified explicitly or the value may be inherited.  The session
       attributes that you can specify on a per authorization basis are:
              · Clearance
              · Identity
              · Environment
              · Audit Mask
              · Capability
              · Password Set

       For a more complete discussion of these terms and related topics, see
       Managing Security on the DG/UX System.

       The output is written to standard output.  The Base Session
       Attributes are presented in six columns labeled as follows:

       Clearance     The object that determines the clearance range assigned
                     to the session and the clearance label with which the
                     session will run if the user does not request a
                     clearance label when initiating the session.

       Identity      The object that determines the user's runtime identity
                     (e.g., UID, GID).

       Environment   The object that determines the characteristics of the
                     user's runtime environment (e.g., root and home
                     directories, execution priority).

       Audit-Mask    The object that determines the audit mask with which
                     this user will run.

       Capability    The object that determines the capability with which
                     this user will run.

       Password-Set  The password set used to initiate the session.

       The user's authorizations (if any), are also presented in columnar
       format with the particular selector values that make up an
       authorization on the left and all of the the attributes associated
       with those authorizations on the right.  If there is no
       authorization-specific session attribute, the term inherit() is
       listed to indicated that the value is inherited from the previous
       authorization in the temporary authorization matrix.  For a
       discussion of the temporary authorization matrix, see Managing
       Security on the DG/UX System.

EXAMPLE
       To display a user's authorizations and the Session Attribute values
       associated with each authorization:
              authlist proto

DIAGNOSTICS
       authlist writes all diagnostic messages to standard error.  The
       authlist command exits with one of the following values:

              0   The authorizations and attributes associated with the user
                  were successfully listed.

              1   The specified user name does not exist in the A&A
                  database.

              2   Insufficient privilege to perform the operation.

              3   Incorrect usage.  Exactly one user name should be supplied
                  as an argument to authlist.

SEE ALSO
       authck(1M), secconfig(1), capdefaults(5).
       Managing Security on the DG/UX System.

NOTES
       To execute this command you must have appropriate privilege.
       Appropriate privilege is defined as having one or more specific
       capabilities enabled in the effective capability set of the user.
       (See the appropriateprivilege(5) man page for more information.)
       See capdefaults(5) for the default capabilities for this command.

BUGS
       If a selector or session attribute object name is longer than 12
       characters, the output will be shifted to the right, possibly causing
       values to not line up correctly with their respective column heading.


Licensed material--property of copyright holder(s)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026