auths(C) 19 June 1992 auths(C) Name auths - list and/or restrict kernel authorizations Syntax auths [ -v ] [ -a authlist ] [ -r authlist ] [ -c command ] Description The auths command performs actions associated with system privilege mani- pulation. With no arguments, auths returns the kernel authorizations associated with the current process. All other uses of auths are dis- cussed below. Either of the -a or -r options allow the user to alter the kernel author- izations in order to run a shell or a single command. The -a option requires a list of comma-separated authorizations, which become the abso- lute set of kernel authorizations for the new process. This new set must be a subset of the kernel authorizations of the invoking process. To start a process with a null set of kernel authorizations, use the empty string ""). The -r option also takes, as an argument, a comma-separated list of authorizations. These are removed from the authorization set of the invoking process when forming the kernel authorizations for the new process. The argument to the -c option is passed to the user's shell as specified in the user's /etc/passwd entry which is run as a single command. The user's shell must support the -c command syntax similar to sh(C). When the argument is absent (and -a or -r is specified), the user's shell is invoked as a process with adjusted authorizations. Exiting that shell will resume execution in the previous shell and the original kernel authorizations will be in effect. This option may be used to run a command with restricted authorizations, that is, fewer than those allowed the user in the Protected Password Database entry. The -v option lists the new kernel authorizations before the new command or shell is run. It also warns with the -a option when more authoriza- tions are attempted to be set than already exist or with the -r option when more authorizations are attempted to be removed than already exist. The kernel authorizations are: execsuid allows the running of SUID programs writeaudit process can write directly to the audit trail configaudit process can change audit subsystem parameters suspendaudit process is not audited by the kernel chmodsugid process can set SUID and GID bits on files chown process can change ownership of files it owns Examples To execute a shell without the execsuid kernel authorization: auths -r execsuid To list the current kernel authorizations: auths To execute yourprog with no kernel authorizations: auths -a "" -c yourprog To execute myprog with chmodsugid and execsuid: auths -a chmodsugid,execsuid -c myprog See also sh(C), getpriv(S), getprwent(S), setpriv(S) ``Using a secure system'' in the User's Guide Value added auths is an extension of AT&T System V provided by The Santa Cruz Opera- tion, Inc.