⇒ subsystems(S) — OpenDesktop Software Development System 3.0.0


 subsystems(S)                  6 January 1993                  subsystems(S)


 Name

    subsystems - manipulation routines for Subsystems database

 Syntax


    cc  . . .  -lprot -lx


    int authorized_user (auth)
    char *auth;

    int primary_auth (name)
    char *name;

    char *primary_of_secondary_auth (name)
    char *name;

    int secondary_auth (name)
    char *name;

    int total_auths()

    int widest_auth()

    int write_authorizations (user, auth_list, list_len)
    char *user;
    char **auth_list;
    int list_len;


 Description

    These routines manipulate and refer to the Subsystems database, which is
    extracted from the Protected Password entries for all users.  The
    Subsystems database stores primary and secondary authorizations for users
    with respect to protected subsystems on the Security Module Package.  A
    protected subsystem is associated with a special group, and provides some
    service to users.  It is called protected because all its programs run
    SGID to that group, and the files and devices that the subsystem
    references are only accessible to that group, and therefore through the
    protected subsystem's programs.

    A primary authorization for a protected subsystem allows a user to assume
    the administrator role for that subsystem.  The primary authorization
    name is the group name whose effective identity is used by the subsystem
    programs to protect subsystem files.  If a user possesses a primary
    authorization for a subsystem, he/she can do all actions within that
    subsystem.  The list of primary authorizations is as follows:


    audit        Audit administrator.

    auth         Authentication database administrator.

    backup       Backup and file system maintenance administrator.

    cron         Cron subsystem administrator (at, batch, crontab).

    lp           Line printer spooling subsystem administrator.

    mem          Authorization to view information about other users (memory
                 devices).

    sysadmin     System administrator functions that require root privilege.

    terminal     The authorization to send unfiltered information between
                 user terminals.

    uucp         The ability to run uucp (not currently supported).

    A secondary authorization allows finer grain operations within protected
    subsystems.  These authorizations are often granted either to specific
    users or to the entire user community by appropriate setup of user
    Protected Password entries and the Defaults database.  Each secondary
    authorization is associated with exactly one protected subsystem, and
    only allows operations with respect to that subsystem.  The secondary
    authorizations are as follows:


    printqueue   Authorization to see other users' jobs in the print queues
                 (lp).

    printerstat  Authorization to change printer status with enable(C) and
                 disable(C) commands (lp).

    queryspace   Authorization to use df(C) to query file system space
                 (backup).

    The authorized_user routine returns non-zero if the login user ID
    associated with the current process has the specified authorization in
    the subsystem that is currently running.  This subsystem is identified by
    the effective group under which the program began execution.  The primary
    authorization for any subsystem grants all secondary authorizations for
    that subsystem.

    The rest of the routines are for programs that manipulate user entries
    directly, or that have to validate authorizations input by users.  They
    may not be supported in future releases of the SMP.  The primary_auth
    routine maps a primary authorization name to a bit offset in a mask.
    This is used for checking a user's authorizations against the Protected
    Password entry.  The primary_of_secondary_auth routine returns the
    primary authorization name associated with the secondary authorization.
    The primary authorization name is also the subsystem name in which the
    secondary authorization is recognized.  The secondary_auth routine maps a
    secondary authorization to a bit offset.  The total_auths routine returns
    the number of primary and secondary authorizations recognized by the
    system.  The widest_auth routine returns the longest string name of any
    authorization.
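
    The decision rule described for authorized_user and the name-to-bit
    mappings can be modelled as follows.  This is an added example, not SCO's
    code and not linked against -lprot: the model_* names, the bit order and
    the refusal of authorizations foreign to the running subsystem are
    assumptions; only the authorization names come from the lists above.

```c
#include <stddef.h>
#include <string.h>

/* Model only: names are from the page; bit offsets are assumed
 * (primaries first, then secondaries, in the page's listing order). */
static const char *const PRIMARY[] = { "audit", "auth", "backup", "cron",
    "lp", "mem", "sysadmin", "terminal", "uucp" };
static const struct { const char *name, *primary; } SECONDARY[] = {
    { "printqueue", "lp" }, { "printerstat", "lp" },
    { "queryspace", "backup" } };
#define N_PRI ((int)(sizeof PRIMARY / sizeof PRIMARY[0]))
#define N_SEC ((int)(sizeof SECONDARY / sizeof SECONDARY[0]))

/* Bit offset of a primary authorization, negative if unknown. */
int model_primary_auth(const char *name) {
    for (int i = 0; i < N_PRI; i++)
        if (strcmp(PRIMARY[i], name) == 0) return i;
    return -1;
}

/* Bit offset of a secondary authorization in the same mask. */
int model_secondary_auth(const char *name) {
    for (int i = 0; i < N_SEC; i++)
        if (strcmp(SECONDARY[i].name, name) == 0) return N_PRI + i;
    return -1;
}

/* Subsystem (primary name) that owns a secondary, NULL if unknown. */
const char *model_primary_of_secondary(const char *name) {
    int off = model_secondary_auth(name);
    return off < 0 ? NULL : SECONDARY[off - N_PRI].primary;
}

/* Decision described for authorized_user: `subsystem` stands in for the
 * effective group the program started under, `mask` for the user's bits. */
int model_authorized(unsigned long mask, const char *subsystem, const char *auth) {
    int pri = model_primary_auth(subsystem), off;
    if (pri < 0) return 0;                       /* not a protected subsystem */
    if (strcmp(auth, subsystem) == 0)            /* asking for the primary */
        return (int)((mask >> pri) & 1UL);
    const char *owner = model_primary_of_secondary(auth);
    if (owner == NULL || strcmp(owner, subsystem) != 0)
        return 0;                                /* assumed: foreign auth denied */
    if ((mask >> pri) & 1UL) return 1;           /* primary grants secondaries */
    off = model_secondary_auth(auth);
    return (int)((mask >> off) & 1UL);
}
```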

    The write_authorizations routine updates the Subsystems database for a
    given user.  It takes list_len authorizations from the auth_list array of
    string pointers and associates those authorizations with the given user.
    If the first character string pointer references the string ``default,''
    the user is given default authorizations.  This routine is used by the
    screen-oriented routine which updates the user's Protected Password
    entry, and then must propagate the user's authorizations to the
    Subsystems database.

 Diagnostics

    The authorized_user routine returns non-zero if the user possesses the
    specified authorization, otherwise zero.  The total_auths routine returns
    the sum of the number of primary authorizations and the number of
    secondary authorizations recognized by the system.  The widest_auth
    routine returns the length of the longest string name of an
    authorization.  This length does not include the trailing null character.
    Both primary_auth and secondary_auth return a negative value if the
    authorization name is not supported; otherwise, they return the bit
    offset of the authorization.  The Protected Password database stores both
    types of authorizations in the same mask.  The primary_of_secondary_auth
    routine returns a pointer to a static area containing the primary
    authorization name associated with the secondary authorization.  The
    string must be copied if it is to be modified.  The write_authorizations
    routine returns 0 on success, non-zero on permission failures, I/O
    errors, etc.

 See also

    getprpwent(S)

 Standards conformance

    subsystems is not part of any currently supported standard; it is an
    extension of AT&T System V provided by the Santa Cruz Operation.


Typewritten Software • bear@typewritten.org • Edmonds, WA 98026