priv(4)


priv -- privilege data file

Description

A privilege data file entry has the following format:
   size:cksum:time:privlist:pathname

Each field in the entry is separated by a colon (:) character. The size field contains the file size in bytes, as returned by stat(2). The cksum field contains a checksum (see sum(1)) value for the file. The time field contains the time the file status was last changed, expressed in seconds since the epoch (January 1, 1970), as returned in the st_ctime field by stat(2). These three fields are used to check that the file has not been changed in any manner since the time the file was given privilege. If the file has been changed, the privileges no longer apply and must be reset using the filepriv(1M) command.

The pathname field contains the absolute pathname to the file given the privileges in the entry.

The privlist field contains a list of the privileges on the file. The list is grouped according to privilege set (i.e., fixed or inheritable). The fixed privilege set for the file is listed first. Each set is introduced by a % character, followed by a six letter set identification string (fixed for the fixed set, inher for the inheritable set), and then a comma-separated list of privilege names. The intro(2) page contains a list of all privilege names.

The privilege data file is /etc/security/tcb/privs.

Examples

Assume an executable file named /usr/bin/example was given a fixed core privilege and inheritable owner and auditwr privileges. The file has a size of 5000 bytes and the checksum value is 341. The entry for this file in /etc/security/tcb/privs might look like:
   5000:341:709323090:%fixed,core%inher,owner,auditwr:/usr/bin/example
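
The entry format and the three-field change check described above, as an added Python example (not part of the UnixWare documentation or tools). The names PrivEntry, parse_entry and changed_fields are hypothetical, and the file's current size, checksum and st_ctime are supplied by the caller rather than computed here.

```python
from dataclasses import dataclass

KNOWN_SETS = ("fixed", "inher")  # set identifiers named on this page

@dataclass
class PrivEntry:
    size: int
    cksum: int
    ctime: int
    privs: dict      # set name -> list of privilege names
    pathname: str

def parse_privlist(privlist):
    """Split '%fixed,core%inher,owner' into {'fixed': [...], 'inher': [...]}."""
    if not privlist.startswith("%"):
        raise ValueError("privlist must start with '%'")
    sets = {}
    for group in privlist[1:].split("%"):
        name, *privs = group.split(",")
        if name not in KNOWN_SETS or name in sets:
            raise ValueError(f"bad or repeated privilege set: {name!r}")
        if not privs or not all(privs):
            raise ValueError(f"empty privilege name in set {name!r}")
        sets[name] = privs
    return sets

def parse_entry(line):
    # Assumption: pathname is the last field, so only four splits are made
    # and any ':' inside the pathname is preserved.
    fields = line.strip().split(":", 4)
    if len(fields) != 5:
        raise ValueError("expected size:cksum:time:privlist:pathname")
    size, cksum, ctime, privlist, pathname = fields
    if not pathname.startswith("/"):
        raise ValueError("pathname must be absolute")
    return PrivEntry(int(size), int(cksum), int(ctime),
                     parse_privlist(privlist), pathname)

def changed_fields(entry, size, cksum, ctime):
    """Names of recorded fields that no longer match the file's current values."""
    current = {"size": size, "cksum": cksum, "time": ctime}
    recorded = {"size": entry.size, "cksum": entry.cksum, "time": entry.ctime}
    return [k for k in recorded if recorded[k] != current[k]]

# Entry taken from the Examples section of this page
EXAMPLE = "5000:341:709323090:%fixed,core%inher,owner,auditwr:/usr/bin/example"
```

Any non-empty result from changed_fields means the recorded privileges no longer apply to the file.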

References

filepriv(1M), initprivs(1M), intro(2), stat(2), sum(1)
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004