authorize(F) 06 January 1993 authorize(F) Name authorize - subsystem authorization file Format authorization:[secondaryauthorization,...] Description The authorize file (/etc/auth/system/authorize) contains subsystem authorizations supported by the system. Each unique authorization must be defined in this file in order to be used by an application. An authorization may specify optional secondary subsystem authorizations (secondaryauthorization) that subdivide the facilities controlled by the primary authorization; having the primary authorization implies that its secondary authorizations are also in effect. The list of supported subsystem authorizations can vary according to the system configuration. Subsystem authorizations can be added dynamically by editing authorize. The following authorizations are supported: audit allows a user to perform audit subsystem administration; audit has the following default secondary authorization: audittrail allows a user to view those portions of the audit trail generated by their own processes auth allows a user to perform authentication subsystem adminis- tration; auth has the following default secondary authoriza- tions: passwd allows a user to change the password of any account provided that account does not have the auth authorization su allows a user to su(C) to any account for which the password is known backup allows a user to perform backup subsystem administration; backup has the following default secondary authorization: queryspace allows a user to use the df(C) command cron allows a user to act as cron(C) subsystem administrator lp allows a user to act as line printer subsystem administra- tor; lp has the following default secondary authorizations: printerstat allows a user to enable and disable printers printqueue allows a user to list the jobs in the printer queue mem allows a user to view system process data for all processes root allows a user to run the asroot(ADM) command; root has the following removable default secondary authorization: shutdown allows a user to run the shutdown(ADM) command via asroot sysadmin not currently used; included for backwards compatibility terminal allows a user to override message filtering when sending data to another user's terminal uucp not currently used; included for backwards compatibility Examples The following entry from authorize means that users given lp authoriza- tion will also have printqueue and printerstat secondary authorization: lp:printqueue,printerstat Warning Primary and secondary authorizations must never be deleted from authorize as shipped; authorizations may only be added to the base set. Note that shutdown is the only exception and may be removed if necessary. Limitations The total number of primary and secondary authorizations specified must not exceed 32. This limit is imposed by the current implementation. Files /etc/auth/system/authorize subsystem authorizations database See also asroot(ADM), cron(C), df(C), shutdown(ADM), su(C), subsystem(M) Standards conformance authorize is not part of any currently supported standard; it is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.