Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ authorize(F) — OpenDesktop 3.0.0

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

asroot(ADM)

cron(C)

df(C)

shutdown(ADM)

su(C)

subsystem(M)


 authorize(F)                  06 January 1993                   authorize(F)


 Name

    authorize - subsystem authorization file

 Format

    authorization:[secondaryauthorization,...]

 Description

    The authorize file (/etc/auth/system/authorize) contains subsystem
    authorizations supported by the system. Each unique authorization must be
    defined in this file in order to be used by an application.

    An authorization may specify optional secondary subsystem authorizations
    (secondaryauthorization) that subdivide the facilities controlled by the
    primary authorization; having the primary authorization implies that its
    secondary authorizations are also in effect.

    The list of supported subsystem authorizations can vary according to the
    system configuration.  Subsystem authorizations can be added dynamically
    by editing authorize.

    The following authorizations are supported:

    audit        allows a user to perform audit subsystem administration;
                 audit has the following default secondary authorization:

                 audittrail   allows a user to view those portions of the
                              audit trail generated by their own processes

    auth         allows a user to perform authentication subsystem adminis-
                 tration; auth has the following default secondary authoriza-
                 tions:

                 passwd       allows a user to change the password of any
                              account provided that account does not have the
                              auth authorization

                 su           allows a user to su(C) to any account for which
                              the password is known

    backup       allows a user to perform backup subsystem administration;
                 backup has the following default secondary authorization:

                 queryspace   allows a user to use the df(C) command

    cron         allows a user to act as cron(C) subsystem administrator

    lp           allows a user to act as line printer subsystem administra-
                 tor; lp has the following default secondary authorizations:

                 printerstat  allows a user to enable and disable printers

                 printqueue   allows a user to list the jobs in the printer
                              queue

    mem          allows a user to view system process data for all processes

    root         allows a user to run the asroot(ADM) command; root has the
                 following removable default secondary authorization:

                 shutdown     allows a user to run the shutdown(ADM) command
                              via asroot

    sysadmin     not currently used; included for backwards compatibility

    terminal     allows a user to override message filtering when sending
                 data to another user's terminal

    uucp         not currently used; included for backwards compatibility

 Examples

    The following entry from authorize means that users given lp authoriza-
    tion will also have printqueue and printerstat secondary authorization:

       lp:printqueue,printerstat


 Warning

    Primary and secondary authorizations must never be deleted from authorize
    as shipped; authorizations may only be added to the base set. Note that
    shutdown is the only exception and may be removed if necessary.

 Limitations

    The total number of primary and secondary authorizations specified must
    not exceed 32. This limit is imposed by the current implementation.

 Files

    /etc/auth/system/authorize  subsystem authorizations database

 See also

    asroot(ADM), cron(C), df(C), shutdown(ADM), su(C), subsystem(M)

 Standards conformance

    authorize is not part of any currently supported standard; it is an
    extension of AT&T System V provided by The Santa Cruz Operation, Inc.


Typewritten Software • bear@typewritten.org • Edmonds, WA 98026