⇒ auths(C) — OpenDesktop 1.1.0



     AUTHS(C)                             UNIX System V



     Name
          auths - list and/or restrict kernel authorizations


     Syntax
          auths [ -v ] [ -a authlist ] [ -r authlist ] [ -c command ]


     Description
          auths performs actions associated with system privilege
          manipulation.  With no arguments, auths returns the kernel
          authorizations associated with the current process.  All
          other uses of auths are discussed below.

          Either the -a or the -r option allows the user to alter the
          kernel authorizations in order to run a shell or a single
          command.  The -a option requires a list of comma-separated
          authorizations, which become the absolute set of kernel
          authorizations for the new process.  This new set must be a
          subset of the kernel authorizations of the invoking process.
          To start a process with a null set of kernel authorizations,
          use the empty string ("").  The -r option also takes as
          argument a comma-separated list of authorizations.  These
          are removed from the authorization set of the invoking
          process when forming the kernel authorizations for the new
          process.

          The argument to the -c option is passed to the user's shell,
          as specified in the user's /etc/passwd entry, and is run as
          a single command.  The user's shell must support the

               -c command

          syntax, similar to sh(C).  When the argument is absent (and
          -a or -r is specified), the user's shell is invoked as a
          process with adjusted authorizations.  Exiting that shell
          will resume execution in the previous shell and the original
          kernel authorizations will be in effect.  This option may be
          used to run a command with restricted authorizations, i.e.
          fewer than those allowed the user in the protected Password
          database entry.

          The -v option lists the new kernel authorizations before the
          new command or shell is run.  With the -a option it also
          warns when an attempt is made to set more authorizations
          than already exist, and with the -r option when an attempt
          is made to remove more authorizations than already exist.

          The kernel authorizations are:

               execsuid     - allows the running of SUID programs
               nopromain    - does not restrict file access when running
                              SUID programs
               writeaudit   - process can write directly to the audit
                              trail
               configaudit  - process can change audit subsystem
                              parameters
               suspendaudit - process is not audited by the kernel
               chmodsugid   - process can set SUID and GID bits on files
               chown        - process can change file ownership

     Examples
          To execute a shell without the execsuid kernel authorization:

               auths -r execsuid

          To list the current kernel authorizations:


               auths

          To execute yourprog with no kernel authorizations:

               auths -a "" -c yourprog


          To execute myprog with chmodsugid and execsuid:

               auths -a chmodsugid,execsuid -c myprog
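
The set arithmetic that the Description gives for -a and -r, together with the -v warnings, modelled as an added sh example (not part of the original manual page and not the auths source). The names new_auths, filter and member and the warning wording are hypothetical, the CURRENT value is constructed, and treating an over-broad -a list as clamped to the held authorizations is an assumption: the page says only that the new set must be a subset and that -v warns.

```sh
#!/bin/sh
# Added model of the rules in the Description; it does not call auths itself.
# Authorization sets are comma-separated lists, as on the auths command line.

# member NAME LIST: succeeds if NAME is an item of LIST
member() {
    case ",$2," in *",$1,"*) return 0 ;; esac
    return 1
}

# filter in|out LIST REF: print the items of LIST that are in / not in REF
filter() {
    out=
    old_ifs=$IFS; IFS=,
    for a in $2; do
        if member "$a" "$3"; then hit=in; else hit=out; fi
        if [ "$hit" = "$1" ]; then out="${out:+$out,}$a"; fi
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# new_auths -a|-r AUTHLIST CURRENT: resulting set on stdout, -v style
# warnings on stderr (hypothetical wording; the page does not quote them)
new_auths() {
    case $1 in
    -a) extra=$(filter out "$2" "$3")
        if [ -n "$extra" ]; then echo "warning: not held, cannot set: $extra" >&2; fi
        filter in "$2" "$3" ;;      # assumption: clamp to the held subset
    -r) extra=$(filter out "$2" "$3")
        if [ -n "$extra" ]; then echo "warning: not held, cannot remove: $extra" >&2; fi
        filter out "$3" "$2" ;;     # invoking set minus the -r list
    *)  echo "usage: new_auths -a|-r authlist current" >&2; return 2 ;;
    esac
}

# Constructed sample: the invoking process holds three authorizations.
CURRENT="execsuid,chmodsugid,chown"
new_auths -r execsuid "$CURRENT"            # chmodsugid,chown
new_auths -a "" "$CURRENT"                  # empty line: the null set
new_auths -a chown,writeaudit "$CURRENT"    # chown (writeaudit is not held)
```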

     See Also
          sh(C), promain(M),  getpriv(S),  setpriv(S),  getprpwent(S),
          ``Using a Trusted System'' in the User's Guide


     (printed 2/15/90)                                   AUTHS(C)