authlist(1M) DG/UX B2 Security R4.12MU02 authlist(1M)
NAME
authlist - list a user's authorizations and session attributes
SYNOPSIS
authlist user-name
DESCRIPTION
The authlist command presents a user's Base Session Attributes and a
list of the authorizations available to that user along with the
session attributes directly associated with each authorization. In
all cases, what is presented is the object name associated with a
particular aspect of the user's account. Use sysadm(1M) to determine
the underlying value an object contains.
A user's authorization is a combination of three selector values, one
each for:
Service - The name of a particular service for which the user is
    authorized.
Location and Time Restrictions - From where and when the user may
    access a service. Referred to as Loc/Time in the authlist
    output.
Clearance Range - The minimum and maximum clearance values at which a
    user is authorized to initiate a given service.
These values are used to determine if a user is authorized to use a
service to initiate a particular session (e.g., login from a
laboratory terminal at 9 a.m. at the RESTRICTED clearance level).
Each session attribute value associated with an authorization may be
specified explicitly or inherited. The session attributes that you
can specify on a per-authorization basis are:
· Clearance
· Identity
· Environment
· Audit Mask
· Capability
· Password Set
For a more complete discussion of these terms and related topics, see
Managing Security on the DG/UX System.
The output is written to standard output. The Base Session
Attributes are presented in six columns labeled as follows:
Clearance     The object that determines the clearance range assigned
              to the session and the clearance label with which the
              session will run if the user does not request a
              clearance label when initiating the session.
Identity      The object that determines the user's runtime identity
              (e.g., UID, GID).
Environment   The object that determines the characteristics of the
              user's runtime environment (e.g., root and home
              directories, execution priority).
Audit-Mask    The object that determines the audit mask with which
              this user will run.
Capability    The object that determines the capability with which
              this user will run.
Password-Set  The password set used to initiate the session.
The user's authorizations (if any) are also presented in columnar
format, with the particular selector values that make up an
authorization on the left and all of the attributes associated
with those authorizations on the right. If there is no
authorization-specific session attribute, the term inherit() is
listed to indicate that the value is inherited from the previous
authorization in the temporary authorization matrix. For a
discussion of the temporary authorization matrix, see Managing
Security on the DG/UX System.
EXAMPLE
To display a user's authorizations and the Session Attribute values
associated with each authorization:
    authlist proto
DIAGNOSTICS
authlist writes all diagnostic messages to standard error. The
authlist command exits with one of the following values:
0    The authorizations and attributes associated with the user
     were successfully listed.
1    The specified user name does not exist in the A&A
     database.
2    Insufficient privilege to perform the operation.
3    Incorrect usage. Exactly one user name should be supplied
     as an argument to authlist.
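The exit values above allow several accounts to be reviewed in one pass, since authlist accepts exactly one user name per call. The following sh function is an added example, not part of DG/UX or of this manual page; the name authlist_review, the AUTHLIST override, the .auth and .err file names and the status 99 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not part of DG/UX. Reviews several accounts in one pass.
# Only the documented interface is used: one user name per call, listing on
# standard output, diagnostics on standard error, exit status 0-3.

# Hypothetical override so the function can be exercised without authlist.
AUTHLIST=${AUTHLIST:-authlist}

# authlist_review OUTDIR USER...
# Saves each listing to OUTDIR/USER.auth and diagnostics to OUTDIR/USER.err,
# prints "user<TAB>status<TAB>meaning", and returns the highest status seen.
# The body runs in a subshell so the umask change stays local.
authlist_review() (
    outdir=$1
    shift
    worst=0
    umask 077                       # listings describe account security state
    mkdir -p "$outdir" || exit 99   # 99: constructed value, not an authlist status

    for user in "$@"; do
        case $user in
            ''|*/*)
                printf '%s\t-\tskipped: not usable as a file name\n' "$user"
                continue ;;
        esac

        rc=0
        # "|| rc=$?" keeps a non-zero status from aborting under "set -e".
        "$AUTHLIST" "$user" >"$outdir/$user.auth" 2>"$outdir/$user.err" || rc=$?

        case $rc in
            0) meaning="listed" ;;
            1) meaning="not in the A&A database" ;;
            2) meaning="insufficient privilege" ;;
            3) meaning="incorrect usage" ;;
            *) meaning="undocumented exit status" ;;
        esac
        printf '%s\t%s\t%s\n' "$user" "$rc" "$meaning"

        if [ "$rc" -gt "$worst" ]; then
            worst=$rc
        fi
    done
    exit "$worst"
)
```

A status of 1 for an account that is expected to exist, or a non-empty .err file next to a status of 0, is worth following up with authck(1M).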
SEE ALSO
authck(1M), secconfig(1), capdefaults(5).
Managing Security on the DG/UX System.
NOTES
To execute this command you must have appropriate privilege.
Appropriate privilege is defined as having one or more specific
capabilities enabled in the effective capability set of the user.
(See the appropriateprivilege(5) man page for more information.)
See capdefaults(5) for the default capabilities for this command.
BUGS
If a selector or session attribute object name is longer than 12
characters, the output will be shifted to the right, possibly causing
values to not line up correctly with their respective column heading.
Licensed material--property of copyright holder(s)