⇒ subsystems(S) — System V/386 Software Development System 3.2.2b



     SUBSYSTEMS(S)             UNIX System V             SUBSYSTEMS(S)



     Name
          subsystems - manipulation routines for Subsystems database

     Syntax
          int authorized_user (auth)
          char *auth;

          int total_auths()

          int widest_auth()

          int primary_auth (name)
          char *name;

          int secondary_auth (name)
          char *name;

          char *primary_of_secondary_auth (name)
          char *name;

          int write_authorizations (user, auth_list, list_len)
          char *user;
          char **auth_list;
          int list_len;

     Description
          These routines manipulate and refer to the Subsystems
          database, which is extracted from the Protected Password
          entries for all users.  The Subsystems database stores
          primary and secondary authorizations for users with respect
          to protected subsystems on the Security Module Package.  A
          protected subsystem is associated with a special group, and
          provides some service to users.  It is called protected
          because all its programs run SGID to that group, and the
          files and devices that the subsystem references are only
          accessible to that group, and therefore through the
          protected subsystem's programs.

          A primary authorization for a protected subsystem allows a
          user to assume the administrator role for that subsystem.
          The primary authorization name is the group name whose
          effective identity is used by the subsystem programs to
          protect subsystem files.  If a user possesses a primary
          authorization for a subsystem, he/she can do all actions
          within that subsystem.  The list of primary authorizations
          is as follows:

               audit          Audit administrator.

               auth           Authentication database administrator.

               backup         Backup and file system maintenance
                              administrator.

               cron           Cron subsystem administrator (at, batch,
                              crontab).

               lp             Line printer spooling subsystem
                              administrator.

               mem            Authorization to view information about
                              other users (memory devices).

               sysadmin       System administrator functions that
                              require root privilege.

               terminal       The authorization to send unfiltered
                              information between user terminals.

               uucp           The ability to run uucp (not currently
                              supported).

          A secondary authorization allows finer grain operations
          within protected subsystems.  These authorizations are often
          granted either to specific users or to the entire user
          community by appropriate setup of user Protected Password
          entries and the Defaults database.  Each secondary
          authorization is associated with exactly one protected
          subsystem, and only allows operations with respect to that
          subsystem.  The secondary authorizations are as follows:

               printqueue     Authorization to see other users' jobs
                              in the print queues (lp).

               printerstat    Authorization to change printer status
                              with enable(C) and disable(C) commands
                              (lp).

               queryspace     Authorization to use df(C) to query file
                              system space (backup).

          Authorized_user returns non-zero if the login user ID
          associated with the current process has the specified
          authorization in the subsystem which is currently running.
          This subsystem is identified by the effective group under
          which the program began execution.  The primary
          authorization for any subsystem grants all secondary
          authorizations for that subsystem.

          The rest of the routines are for programs which will
          manipulate user entries directly, or which have to validate
          authorizations input by users.  They may not be supported in
          future releases of the SMP.  Total_auths returns the number
          of primary and secondary authorizations recognized by the
          system.  Widest_auth returns the longest string name of any
          authorization.  Primary_auth maps a primary authorization
          name to a bit offset in a mask.  This is used for checking a
          user's authorizations against the Protected Password entry.
          Secondary_auth maps a secondary authorization to a bit
          offset.  Primary_of_secondary_auth returns the primary
          authorization name associated with the secondary
          authorization.  The primary authorization name is also the
          subsystem name in which the secondary authorization is
          recognized.

          Write_authorizations updates the Subsystems database for a
          given user.  It takes list_len authorizations from the
          auth_list array of string pointers and associates those
          authorizations with the given user.  If the first character
          string pointer references the string ``default,'' the user
          is given default authorizations.  This routine is used by
          the screen-oriented routine which updates the user's
          Protected Password entry, and then must propagate the user's
          authorizations to the Subsystems database.

     See Also
          getprpwent(S)

     Diagnostics
          Authorized_user returns non-zero if the user possesses the
          specified authorization, otherwise zero.  Total_auths
          returns the sum of the number of primary authorizations and
          the number of secondary authorizations recognized by the
          system.  Widest_auth returns the length of the longest
          string name of an authorization.  This length does not
          include the trailing null character.  Both primary_auth and
          secondary_auth return a negative value if the authorization
          name is not supported; otherwise, they return the bit offset
          of the authorization.  The Protected Password database
          stores both types of authorizations in the same mask.
          Primary_of_secondary_auth returns a pointer to a static area
          containing the primary authorization name associated with
          the secondary authorization.  The string must be copied if
          it is to be modified.  Write_authorizations returns 0 on
          success, non-zero on permission failures, I/O errors, etc.
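
          The check described above (an authorization is honored only
          inside the subsystem it belongs to, and a primary authorization
          grants that subsystem's secondaries), as a self-contained C
          model added here.  It is not libprot code: the model_* names
          and the bit offsets (table order) are assumptions, since this
          page does not give the real offsets.

```c
/* Added model of the semantics above; NOT libprot code. Bit offsets are assumed. */
#include <stddef.h>
#include <string.h>

struct auth_def { const char *name; const char *primary; };

/* Names from the lists above; index in this table = assumed bit offset. */
static const struct auth_def AUTHS[] = {
    {"audit", NULL}, {"auth", NULL}, {"backup", NULL}, {"cron", NULL},
    {"lp", NULL}, {"mem", NULL}, {"sysadmin", NULL}, {"terminal", NULL},
    {"uucp", NULL},
    {"printqueue", "lp"}, {"printerstat", "lp"}, {"queryspace", "backup"},
};
#define N_AUTHS ((int)(sizeof AUTHS / sizeof AUTHS[0]))

/* Bit offset of a name, or -1 if unsupported (mirrors the Diagnostics rule). */
static int model_offset(const char *name)
{
    for (int i = 0; i < N_AUTHS; i++)
        if (strcmp(AUTHS[i].name, name) == 0)
            return i;
    return -1;
}

/* Non-zero if `mask` grants `auth` inside the subsystem whose group is `subsys`. */
int model_authorized(unsigned long mask, const char *subsys, const char *auth)
{
    int bit = model_offset(auth);
    int pbit = model_offset(subsys);
    if (bit < 0 || pbit < 0 || AUTHS[pbit].primary != NULL)
        return 0;                      /* unknown name, or subsys not a primary */
    /* The authorization must belong to the running subsystem. */
    const char *owner = AUTHS[bit].primary ? AUTHS[bit].primary : AUTHS[bit].name;
    if (strcmp(owner, subsys) != 0)
        return 0;
    /* Either the exact bit is set, or the primary bit implies it. */
    return (mask & (1UL << bit)) != 0 || (mask & (1UL << pbit)) != 0;
}

/* Build a mask from a list of names; returns -1 on an unsupported name. */
int model_mask(const char *const *names, int n, unsigned long *out)
{
    unsigned long m = 0;
    for (int i = 0; i < n; i++) {
        int bit = model_offset(names[i]);
        if (bit < 0)
            return -1;                 /* reject rather than silently drop */
        m |= 1UL << bit;
    }
    *out = m;
    return 0;
}
```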

     Notes
          Programs using these routines must be compiled with -lprot.






                                             (printed 6/20/89)


