priv(4) priv(4)
NAME
priv - privilege data file
DESCRIPTION
A privilege data file entry has the following format:
size:cksum:time:privlist:pathname
Each field in the entry is separated by a colon (:) character.
The size field contains the file size in bytes, as returned by
stat(2). The cksum field contains a checksum (see sum(1))
value for the file. The time field contains the time the file
was last modified, expressed in seconds since the epoch
(January 1, 1970), as returned by stat(2). These three fields
are used to check that the file has not been changed in any
manner since the time the file was given privilege. If the
file has changed, the privileges no longer apply, and must be
reset using the filepriv(1) command.
The pathname field contains the absolute pathname to the file
given the privileges in the entry.
The privlist field contains a list of the privileges on the
file. The list is grouped according to privilege set (i.e.,
fixed or inheritable). The fixed privilege set for the file is
listed first. Each set is listed with a prepended %
character, followed by a six letter set identification string,
fixed for the fixed set, and inher for the inheritable set,
and then a comma separated list of privilege names. The
intro(2) page contains a list of all privilege names.
The privilege data file is /etc/security/tcb/privs.
EXAMPLE
Assume an executable file named /usr/bin/example was given a
fixed core privilege and inheritable owner and auditwr
privileges. The file has a size of 5000 bytes and the checksum
value is 341. The entry for this file in
/etc/security/tcb/privs might look like:
5000:341:709323090:%fixed,core%inher,owner,auditwr:/usr/bin/example
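The following Python code is an added example, not part of the original manual page or of the system's own tools. It parses an entry in the format described above and reports which of the size, cksum and time fields no longer match the file on disk. It assumes the cksum field is the 16-bit System V sum(1) value (the page only says to see sum(1)); the names PrivEntry, parse_entry, sysv_sum and changed_fields are hypothetical.

```python
import os
from typing import NamedTuple

class PrivEntry(NamedTuple):
    size: int
    cksum: int
    mtime: int
    privs: dict   # set name ("fixed", "inher") -> list of privilege names
    path: str

def parse_entry(line: str) -> PrivEntry:
    """Parse one size:cksum:time:privlist:pathname entry."""
    # maxsplit=4 keeps any ':' inside the pathname intact.
    size, cksum, mtime, privlist, path = line.rstrip("\n").split(":", 4)
    if not path.startswith("/"):
        raise ValueError("pathname must be absolute: %r" % path)
    # Each set is "%<setname>,<priv>,..."; nothing may precede the first '%'.
    head, *sets = privlist.split("%")
    if head:
        raise ValueError("privlist must start with %%: %r" % privlist)
    privs = {}
    for chunk in sets:
        name, *names = chunk.split(",")
        privs[name] = names
    return PrivEntry(int(size), int(cksum), int(mtime), privs, path)

def sysv_sum(data: bytes) -> int:
    """16-bit System V sum(1) checksum (assumed algorithm for cksum)."""
    s = sum(data) & 0xFFFFFFFF
    r = (s & 0xFFFF) + (s >> 16)
    return (r & 0xFFFF) + (r >> 16)

def changed_fields(entry: PrivEntry) -> list:
    """Return the recorded fields that no longer match the file on disk."""
    with open(entry.path, "rb") as f:
        st = os.fstat(f.fileno())   # stat the same file object that is read
        observed = {"size": st.st_size, "cksum": sysv_sum(f.read()),
                    "time": int(st.st_mtime)}
    recorded = {"size": entry.size, "cksum": entry.cksum, "time": entry.mtime}
    return [k for k in ("size", "cksum", "time") if recorded[k] != observed[k]]

if __name__ == "__main__":
    # The entry shown in the EXAMPLE section of this page.
    e = parse_entry(
        "5000:341:709323090:%fixed,core%inher,owner,auditwr:/usr/bin/example")
    print(e.path, e.privs)
```

A non-empty result from changed_fields means the recorded privileges would no longer apply to that file.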
REFERENCES
filepriv(1M), initprivs(1M), intro(2), stat(2), sum(1)
Copyright 1994 Novell, Inc.