⇒ auths(C) — OpenDesktop 3.0.0


 auths(C)                        19 June 1992                        auths(C)


 Name

    auths - list and/or restrict kernel authorizations

 Syntax

    auths [ -v ] [ -a authlist ] [ -r authlist ] [ -c command ]

 Description

    The auths command performs actions associated with system privilege
    manipulation.  With no arguments, auths returns the kernel authorizations
    associated with the current process.  All other uses of auths are
    discussed below.

    Either the -a or the -r option allows the user to alter the kernel
    authorizations in order to run a shell or a single command.  The -a option
    requires a list of comma-separated authorizations, which become the
    absolute set of kernel authorizations for the new process.  This new set
    must be a subset of the kernel authorizations of the invoking process.  To
    start a process with a null set of kernel authorizations, use the empty
    string ("").  The -r option also takes, as an argument, a comma-separated
    list of authorizations.  These are removed from the authorization set of
    the invoking process when forming the kernel authorizations for the new
    process.

    The argument to the -c option is passed to the user's shell, as specified
    in the user's /etc/passwd entry, and is run as a single command.  The
    user's shell must support the

       -c command

    syntax similar to sh(C).  When the argument is absent (and -a or -r is
    specified), the user's shell is invoked as a process with adjusted
    authorizations.  Exiting that shell will resume execution in the previous
    shell and the original kernel authorizations will be in effect.  This
    option may be used to run a command with restricted authorizations, that
    is, fewer than those allowed the user in the Protected Password Database
    entry.

    The -v option lists the new kernel authorizations before the new command
    or shell is run.  It also warns, with the -a option, when an attempt is
    made to set more authorizations than already exist, or, with the -r
    option, when an attempt is made to remove more authorizations than
    already exist.

    The kernel authorizations are:

       execsuid        allows the running of SUID programs
       writeaudit      process can write directly to the audit trail
       configaudit     process can change audit subsystem parameters
       suspendaudit    process is not audited by the kernel
       chmodsugid      process can set SUID and GID bits on files
       chown           process can change ownership of files it owns


 Examples

    To execute a shell without the execsuid kernel authorization:

       auths -r execsuid

    To list the current kernel authorizations:

       auths

    To execute yourprog with no kernel authorizations:

       auths -a "" -c yourprog

    To execute myprog with chmodsugid and execsuid:

       auths -a chmodsugid,execsuid -c myprog
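
    The subset rule for -a and the removal rule for -r, modeled as an added
    example in POSIX sh (not SCO's code and not part of the original manual
    page).  The function names and the invoking set are constructed, and it
    is an assumption that names not held are dropped with a warning rather
    than causing an error.

```sh
#!/bin/sh
# Model of how auths(C) forms the kernel authorizations of the new process.
# Added illustration only: it does not call auths or change any privilege.

# has LIST NAME: succeed if NAME occurs in the comma-separated LIST.
has() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# auths_a CURRENT REQUESTED: -a semantics. REQUESTED becomes the absolute
# set, limited to what CURRENT holds. Assumption: excess names are dropped
# with a warning (the page only says -v warns about them).
auths_a() (
    IFS=,; set -f; new=""
    for a in $2; do
        if has "$1" "$a"; then
            new="${new:+$new,}$a"
        else
            echo "warning: $a is not held by the invoking process" >&2
        fi
    done
    echo "$new"
)

# auths_r CURRENT REMOVE: -r semantics. CURRENT minus REMOVE.
auths_r() (
    IFS=,; set -f; new=""
    for a in $2; do
        has "$1" "$a" || echo "warning: $a is not held, nothing to remove" >&2
    done
    for a in $1; do
        has "$2" "$a" || new="${new:+$new,}$a"
    done
    echo "$new"
)

# Constructed invoking set. Models "auths -r execsuid" followed, inside that
# shell, by "auths -a chmodsugid,execsuid": execsuid is not regained.
start="execsuid,chmodsugid,chown"
inner=$(auths_r "$start" "execsuid")
auths_a "$inner" "chmodsugid,execsuid"
```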


 See also

    sh(C), getpriv(S), getprwent(S), setpriv(S)

    "Using a secure system" in the User's Guide

 Value added

    auths is an extension of AT&T System V provided by The Santa Cruz
    Operation, Inc.

