settdev(1M) DG/UX B2 Security R4.12MU02 settdev(1M)
NAME
settdev - set and display the trusted device status
SYNOPSIS
settdev [-alpqr] -i t file ...
settdev [-alpqr] -i n file ...
settdev [-alpqr] -I ifile file ...
settdev [-alpqr] file ...
where:
file A file of any of the following types: character special, block
special or named pipe.
ifile An ordinary file containing input information
DESCRIPTION
The settdev command sets and displays the trusted device status of
the specified files.
Options
-a Causes settdev to display the trusted device status of files
beginning with '.' when the -r option is selected.
-l Causes settdev to not resolve symbolic links and not report
errors on target files that are symbolic links.
-p Causes the absolute pathname of the file to be displayed with
all symbolic links resolved (assuming the absence of the -l
option).
-q Stops settdev from writing diagnostic messages and from
displaying the trusted device status after setting it. The
usage error message is always written.
-i Specifies to settdev whether the trusted device status should be
trusted (-it) or normal (-in).
-I read trusted device values to set from the specified file ifile.
ifile is human-readable. It is composed of lines delimited with
the new-line character. It can contain just one string
beginning with either t or or n or it can be the output from the
settdev command.
If -I is specified and no file arguments are specified, then
settdev tries to set the trusted device status of each file
specified in the -I input source to the associated value in the
-I input source.
If -I is specified and file arguments are specified, then
settdev tries to set the trusted device status of each file
argument to the first trusted device status value in the -I
input source.
-I- specifies stdin.
To determine the trusted device status of a device, the user must
have MAC read access to the device and must have search access to the
parent directory of the device, or must have appropriate privilege.
To set the trusted-device attribute of a device, the user must have
appropriate privilege. When setting the trusted device status
successfully, settdev displays the file and the trusted device status
if the -q option was not selected.
Output Format
The settdev command displays the trusted device status as follows:
device-name trusted-device-status
where device-name is the specified device name or the resolved
pathname and trusted-device-status is either trusted or normal.
EXAMPLES
Assume the device /dev/tty00 has an initial trusted device status of
normal and you are writing a server program that is the exclusive
user of /dev/tty00 and enforces its own security policy:
# settdev /dev/tty00
/dev/tty00 normal
# echo $?
0
Make it a trusted device:
# settdev -it /dev/tty00
/dev/tty00 trusted
# echo $?
0
DIAGNOSTICS
settdev writes all diagnostic messages to stderr.
The settdev command exits with one of the following values:
0 The trusted device status of all file objects was successfully
reported.
2 settdev could not access one or more file objects.
3 settdev usage is wrong
SEE ALSO
secstat(1), dgsecstat(2), dgsettrusteddevice(2).
Licensed material--property of copyright holder(s)