Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ settdev(1M) — DG/UX R4.11MU05

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

secstat(1)



settdev(1M)              DG/UX B2 Security R4.12MU02             settdev(1M)


NAME
       settdev - set and display the trusted device status

SYNOPSIS
       settdev [-alpqr] -i t file ...

       settdev [-alpqr] -i n file ...

       settdev [-alpqr] -I ifile file ...

       settdev [-alpqr] file ...

   where:
       file   A file of any of the following types: character special, block
              special or named pipe.
       ifile  An ordinary file containing input information

DESCRIPTION
       The settdev command sets and displays the trusted device status of
       the specified files.

   Options
       -a   Causes settdev to display the trusted device status of files
            beginning with '.' when the -r option is selected.

       -l   Causes settdev to not resolve symbolic links and not report
            errors on target files that are symbolic links.

       -p   Causes the absolute pathname of the file to be displayed with
            all symbolic links resolved (assuming the absence of the -l
            option).

       -q   Stops settdev from writing diagnostic messages and from
            displaying the trusted device status after setting it.  The
            usage error message is always written.

       -i   Specifies to settdev whether the trusted device status should be
            trusted (-it) or normal (-in).

       -I   read trusted device values to set from the specified file ifile.

            ifile is human-readable.  It is composed of lines delimited with
            the new-line character.  It can contain just one string
            beginning with either t or or n or it can be the output from the
            settdev command.

            If -I is specified and no file arguments are specified, then
            settdev tries to set the trusted device status of each file
            specified in the -I input source to the associated value in the
            -I input source.

            If -I is specified and file arguments are specified, then
            settdev tries to set the trusted device status of each file
            argument to the first trusted device status value in the -I
            input source.

            -I- specifies stdin.

       To determine the trusted device status of a device, the user must
       have MAC read access to the device and must have search access to the
       parent directory of the device, or must have appropriate privilege.

       To set the trusted-device attribute of a device, the user must have
       appropriate privilege.  When setting the trusted device status
       successfully, settdev displays the file and the trusted device status
       if the -q option was not selected.

   Output Format
       The settdev command displays the trusted device status as follows:

              device-name trusted-device-status
       where device-name is the specified device name or the resolved
       pathname and trusted-device-status is either trusted or normal.

EXAMPLES
       Assume the device /dev/tty00 has an initial trusted device status of
       normal and you are writing a server program that is the exclusive
       user of /dev/tty00 and enforces its own security policy:

       # settdev /dev/tty00
       /dev/tty00 normal
       # echo $?
       0

       Make it a trusted device:

       # settdev -it /dev/tty00
       /dev/tty00 trusted
       # echo $?
       0

DIAGNOSTICS
       settdev writes all diagnostic messages to stderr.

       The settdev command exits with one of the following values:

       0   The trusted device status of all file objects was successfully
           reported.

       2   settdev could not access one or more file objects.

       3   settdev usage is wrong

SEE ALSO
       secstat(1), dgsecstat(2), dgsettrusteddevice(2).


Licensed material--property of copyright holder(s)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026