exec_attr - execution profiles database




     /etc/security/exec_attr is a local database  that  specifies
     the  execution  attributes   associated  with  profiles. The
     exec_attr file can be used with other sources for  execution
     profiles,  including  the  exec_attr NIS map and NIS+ table.
     Programs use the getexecattr(3SECDB) routines to access this

     The search order for multiple execution profile  sources  is
     specified  in  the  /etc/nsswitch.conf file, as described in
     the nsswitch.conf(4) man page. The search order follows  the
     entry for prof_attr(4).

     A profile is a logical grouping of authorizations  and  com-
     mands  that  is  interpreted  by  a  profile shell to form a
     secure execution environment. The shells that interpret pro-
     files  are pfcsh, pfksh, and pfsh. See the pfsh(1) man page.
     Each user's account is  assigned zero or  more  profiles  in
     the user_attr(4) database file.

     Each entry in the exec_attr database consists of one line of
     text  containing seven fields separated by colons (:).  Line
     continuations using the backslash (\) character are  permit-
     ted. The basic format of each entry is:


     name  The name of  the  profile.  Profile  names  are  case-

           The policy that is associated with the profile  entry.
           The only valid policy is suser.

     type  The type of object defined in the  profile.  The  only
           valid type is cmd.

     res1  Reserved for future use.

     res2  Reserved for future use.

     id    A string that uniquely identifies the object described
           by  the  profile. For a profile of type cmd, the id is
           either the full path to the command  or  the  asterisk
           (*)  symbol,  which  is used to allow all commands. An
           asterisk that replaces the  filename  component  in  a
           pathname  indicates  all  files in a particular direc-

           To specify arguments, the pathname should point  to  a
           shell  script  that  is written to execute the command
           with the desired argument.  In  a  Bourne  shell,  the
           effective  UID is reset to the real UID of the process
           when the effective UID is less than 100 and not  equal
           to  the  real  UID.  Depending  on  the  euid and egid
           values, Bourne  shell  limitations  might  make  other
           shells  preferable. To prevent the effective UIDs from
           being reset to real UIDs, you  can  start  the  script
           with the -p option:

     #!/bin/sh -p

     attr  An optional list of semicolon-separated (;)  key-value
           pairs  that  describe the security attributes to apply
           to the object upon execution. Zero or more keys may be
           specified.  The list of valid key words depends on the
           policy enforced. The following key  words  are  valid:
           euid, uid, egid, and gid.

           euid and uid contain a single user name or  a  numeric
           user  ID.  Commands  designated with euid run with the
           effective UID indicated, which is similar  to  setting
           the  setuid bit on an executable file. Commands desig-
           nated with uid run with both the  real  and  effective
           UIDs. Setting uid may be more appropriate than setting
           the euid on privileged shell scripts.

           egid and gid contain a single group name or a  numeric
           group  ID.  Commands designated with egid run with the
           effective GID indicated, which is similar  to  setting
           the setgid bit on a file. Commands designated with gid
           run with both the real and effective GIDs. Setting gid
           may   be   more   appropriate  than  setting  guid  on
           privileged shell scripts.


     Example 1: Using effective user and group IDs

     The following example shows the audit command  specified  in
     the  Audit Control profile to execute with an effective user
     ID of root (0) and effective group ID of bin (3):

     Audit Control:suser:cmd:::/etc/init.d/audit:euid=0;egid=3






     When  deciding  which  authorization  source  to  use   (see
     DESCRIPTION),  keep  in  mind  that  NIS+  provides stronger
     authentication than NIS.

     Because the list of legal keys is likely to expand, any code
     that  parses this database must be written to ignore unknown
     key-value pairs without error. When  any  new  keywords  are
     created,  the names should be prefixed with a unique string,
     such as the company's stock symbol, to avoid potential  nam-
     ing conflicts.

     The following characters are used in describing the database
     format and must be escaped with a backslash if used as data:
     colon (:), semicolon (;), equals (=), and backslash (\).


     auths(1),      profiles(1),      roles(1),      makedbm(1M),
     getauthattr(3SECDB),                     getauusernam(3BSM),
     getexecattr(3SECDB),                    getprofattr(3SECDB),
     getuserattr(3SECDB),     kva_match(3SECDB),    auth_attr(4),
     prof_attr(4), user_attr(4)

Man(1) output converted with man2html