privedit man page on HP-UX


privedit(1M)							  privedit(1M)

NAME
       privedit	 -  let authorized users edit files that are under access con‐
       trol

SYNOPSIS
       authorization] file

DESCRIPTION
       privedit allows authorized users to edit files that are otherwise
       restricted by permissions or access control lists.  Identify which file
       to edit by specifying the file name as an argument to the command.
       After you invoke the command, privedit checks the database to determine
       the authorization required to edit the file.  If you have the necessary
       authorization, privedit invokes the specified editor to edit the file.

       You can specify which editor privedit uses to edit the file by setting
       the environment variable.  If you do not set the variable, privedit
       uses the default editor,  You cannot pass arguments to the editor via
       the command line.  However, the editor recognizes and supports
       editor-specific environment variables if you set them before invoking
       privedit.

       You can use a fully qualified file name as an argument to identify
       which file to edit.  If you do not use a fully qualified file name,
       privedit adds the current working directory to the beginning of the
       file name you specify.  Regardless of how you specify the file to edit,
       all file names are fully qualified after invoking privedit.  The
       command also recognizes and supports files that are symbolic links.

       privedit can edit only one file at a time.  If you specify multiple
       file names as arguments, privedit edits the first file specified and
       ignores the subsequent file names.

       The HP-UX RBAC feature also provides the ability to customize  how  and
       check user authorizations.  (See privrun(1M).)  The Access Control Pol‐
       icy Switch (ACPS) module of HP-UX RBAC provides responses  to  applica‐
       tions  that  must make authorization decisions.	The ACPS configuration
       file, controls which modules are consulted for making access decisions,
       the sequence in which the modules are consulted, and the rules for com‐
       bining  module  responses  to  return  results  to  applications.   See
       acps.conf(4), acps(3) and rbac(5) for more information.

   Options
       privedit recognizes the following options:

       Match only those entries requiring the specified authorization.
			   The	specified authorization must exactly match the
			   authorization present in the database (that is,  no
			   wildcards allowed).

       Print		   usage or help.

       Check to see if the user has the authorization to edit the file and
			   inform the user of the results.

       If the authorization check fails, edit the file with the caller's
			   original privileges.

       Invoke		   in verbose mode.

   Operands
       privedit recognizes the following operands:

       file		   File to edit.

   The cmd_priv Database
       As described in privrun(1M), the cmd_priv file contains information
       indicating which authorizations are required to execute commands or
       edit files.  You can also specify a PAM service name in cmd_priv to
       indicate how privedit should identify itself to PAM if a user must be
       reauthenticated.

       The file contains any number of entries, where each entry is  specified
       on a single line in the following format:

       {command|file}

       These fields are defined as follows:

       Field		   Description

       command | file	   For the fully qualified path of a file to edit.

			   This	 field	may  contain  wildcards	 as defined in
			   fnmatch(3C).

       arguments           Ignored.  (Used only by privrun.)

       The operation the user is required to have on the object
			   specified.  Together, the forms the	authorization.
			   operation  must  be fully qualified and cannot con‐
			   tain a wild card

			   in object requires that the user has the  specified
			   operation on all objects.  (Note: this is satisfied
			   by a specification of in the database if RBAC is in
			   use.)

			   This field may contain the keyword instead of which
			   indicates that no access check is required and  the
			   file can be edited with privilege by any user.

       Ignored.            (Used only by privrun.)

       compartment         Ignored.  (Used only by privrun.)

       privs               Ignored.  (Used only by privrun for privileges.)

       pam-service	   Reauthentication  service.	If specified, the user
			   is required to reauthenticate.  The command identi‐
			   fies itself to PAM as the service indicated in this
			   field.  This allows the security officer to require
			   an additional set of authentication/account manage‐
			   ment restrictions for particular files for editing.
			   See pam.conf(4) for a list of PAM services.

			   The	keyword must be used to indicate that no reau‐
			   thorization is required.

       flags               Flag values can be specified to indicate whether or
                           not privedit can edit a file.  Additional flag
                           values can be specified to indicate whether privrun
                           can execute a command.  The specific values allowed
                           are as follows:

			   The file can be both edited and executed.
					  This is mainly intended for scripts.

                           The file cannot be executed.
                                          It can only be edited with privedit.

			   any	other  token  or empty (nothing after the last
			   ":")
					  The file is a command	 that  can  be
					  executed only.  It cannot be edited.

       The Authorization field can contain the keyword instead of which
       indicates that no access check is required and the command is invoked
       with privilege for any user.  The UID and GID entry in field 4 is
       ignored by privedit, but the slash character separating the IDs must
       remain.  The pam service name in field 7 may also be which indicates
       reauthentication is not required.

       White space between each field (immediately surrounding the field
       separator) in this database is optional and ignored by privedit.

       There may be multiple entries with the same file line (but different
       authorization required).  privedit evaluates each entry in the order
       specified in the file, continuing on to the next only if the user does
       not have the required authorization.  The command option described
       above allows users to identify a specific authorization to match or
       find when multiple entries for the same file exist in the database.
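
       The lookup order described above, as an added example (not part of the
       HP-UX manual and not HP's implementation).  The sample entries are
       constructed and the function names are hypothetical; the tokens dflt,
       edit and noexec are assumed because the keyword and flag names are
       missing from this copy of the page, and Python's fnmatch stands in for
       fnmatch(3C).

```python
import fnmatch

NO_CHECK = "dflt"                # assumed keyword: no access check / no reauthentication
EDITABLE = {"edit", "noexec"}    # assumed flag tokens that allow editing

# Constructed sample: 8 colon-separated fields per line, as the page describes
# (1 file, 3 authorization, 4 UID/GID with its slash, 7 pam-service, 8 flags).
SAMPLE = """\
/etc/example/app.conf : dflt : (example.conf.edit,app) : / : dflt : dflt : example-reauth : noexec
/etc/example/*.conf:dflt:(example.conf.admin,*):/:dflt:dflt:dflt:noexec
/etc/example/motd:dflt:dflt:/:dflt:dflt:dflt:edit
/opt/example/bin/tool:dflt:(example.tool.run,*):0/0:dflt:dflt:dflt:
"""

def parse(text):
    """Split each line on ':' and drop the optional white space around it."""
    entries = []
    for line in text.splitlines():
        f = [x.strip() for x in line.split(":")]
        if len(f) != 8:
            continue  # not a complete entry
        auth = f[2] if f[2] == NO_CHECK else tuple(p.strip() for p in f[2].strip("()").split(","))
        entries.append({"file": f[0], "auth": auth, "pam": f[6], "flags": f[7]})
    return entries

def holds(user_auths, auth):
    """Assumption: holding (operation, '*') covers every object for that operation."""
    return auth == NO_CHECK or auth in user_auths or (auth[0], "*") in user_auths

def resolve(entries, path, user_auths, only_auth=None):
    """First entry, in file order, that lets this user edit `path`, else None."""
    for e in entries:
        if not fnmatch.fnmatchcase(path, e["file"]) or e["flags"] not in EDITABLE:
            continue  # other file, or execute-only entry (assumed to be skipped)
        if only_auth is not None and e["auth"] != only_auth:
            continue  # exact-authorization filter: no wildcard matching here
        if holds(user_auths, e["auth"]):
            return e
    return None

def audit(entries):
    """Editable entries a reviewer should look at first (added heuristics)."""
    findings = []
    for e in (e for e in entries if e["flags"] in EDITABLE):
        if e["auth"] == NO_CHECK:
            findings.append((e["file"], "editable by any user, no access check"))
        elif any(c in e["file"] for c in "*?[") and e["pam"] == NO_CHECK:
            findings.append((e["file"], "wildcard path without reauthentication"))
    return findings
```

       Running audit(parse(...)) over a real database lists the entries that
       grant editing without an access check, which are the first ones to
       review.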

EXTERNAL INFLUENCES
   Environment Variables
       specifies the default editor.

       determines the language in which messages are displayed.

   International Code Set Support
       Single-byte character code set is supported.

RETURN VALUE
       Success   If privedit permitted the user to edit the file, then the
                 return value from privedit is the return value of the editor
                 used to edit the file.

       Failure	 returns  a  value  of	and  an	 appropriate  error message is
		 printed to standard error.

EXAMPLES
   Example 1
       In the following example, the caller invokes privedit to edit

       The database is examined for an entry corresponding to the file If this
       entry is found, then the necessary authorization is retrieved from that
       entry.  privedit then determines whether the user has the necessary
       authorization and whether the file is allowed to be edited as
       determined by the value in the flag field.  privedit then invokes the
       editor to edit a copy of as the original file is never edited directly.

       The environment variable determines which editor privedit invokes.  If
       a user does not set the environment variable, privedit uses the default
       editor,  After the user exits the editor, the edited file replaces the
       original file.  The editor is always invoked as the regular user so
       that there are no additional privileges given to the user while the
       file is being edited.

   Example 2
       In  the next example, the caller wants to edit the file with a specific
       authorization of

       If an entry exists for the file with the associated authorization and
       editing is allowed per the flag field, then the usual
       authorization/edit process takes place.  If this entry does not exist,
       (even if an entry for appears with different associated authorization)
       then privedit fails and prints an error message.

FILES
       Database containing valid definitions of all roles.

       Database containing definitions of all valid authorizations.

       Database specifying the roles for each specified user.

       Database defining the authorizations for each role.

       Database that contains the authorization to execute or  edit  specified
       commands
			   or  files,  and the privileges to alter UID and GID
			   for command execution.

SEE ALSO
       privrun(1M), rbacdbchk(1M), acps(3), acps.conf(4), rbac(5).

								  privedit(1M)