privrun man page on HP-UX

Man page or keyword search:  
man Server   10987 pages
apropos Keyword Search (all sections)
Output format
HP-UX logo
[printable version]

privrun(1M)							   privrun(1M)

NAME
       privrun	-  invoke another application with privileges after performing
       appropriate authorization checks and  optionally	 reauthenticating  the
       user

SYNOPSIS
       authorization]  compartment]  [gid|groupname]]  [gid|groupname]] privi‐
	      leges] [uid|username]] [uid|username]] command [args]

DESCRIPTION
       allows a user to	 run  legacy  applications  with  elevated  privileges
       according  to  the  authorizations associated with that user.  The user
       invokes specifying the legacy application as  command  line  arguments.
       consults	 the  database to determine which authorization is required to
       run the command with  additional	 privileges.   (The  authorization  is
       specified  as  an  operation and a target object.)  If the user has the
       necessary authorization, invokes the specified command  after  changing
       its UID and/or GID as specified in the database.	 also allows a command
       to be run with a specified set of fine-grained privileges, and/or in  a
       specified compartment.

       The  method  to determine whether the user has the necessary authoriza‐
       tion is configurable by the system administrator.  A module is provided
       to  associate  a fixed set of authorizations with the user based on the
       user's role.  See rbac(5) for more information.

   Options
       recognizes the following options:

       Match only those entries requiring the specified authorization.
	      authorization is defined as pairs in the database.   The	speci‐
	      fied  authorization must exactly match the authorization present
	      in the file (that is, wildcarding not supported.)

       Matches the specified compartment in the
	      database.	 The specified compartment must exactly match the com‐
	      partment present in the file.

       Match only those entries containing the effective group ID (EGID)
	      corresponding  to the specified EGID or the EGID associated with
	      the group name.

       Match only those entries containing the real group ID (RGID)
	      corresponding to the specified RGID or the RGID associated  with
	      the group name

       Prints usage or help.

       Matches the specified privileges to the privileges in the
	      database.	  When	specifying  multiple privileges, separate each
	      privilege with a comma.  Any privileges specified	 with  option,
	      must have a match in the database.

       Check to see if the user has the authorization to execute the
	      command  and  inform  the user of the results.  The command will
	      not be invoked.

       Match only those entries containing the effective user ID (EUID) corre‐
       sponding
	      to the specified EUID or the EUID associated with the user name.

       Match only those entries containing the real user ID (RUID) correspond‐
       ing
	      to the specified RUID or the RUID associated with the user name.

       Invoke in verbose mode.	The verbose level will	be  increased  if  two
	      options  are  specified.	 An increased verbose level will print
	      more information.

       If the authorization check fails, the program will still be
	      executed with original caller's privileges only.

   Operands
       recognizes the following operands:

       command [args]	   The HP-UX command to run.  command  must  be	 fully
			   qualified.  If it is not, then will use the current
			   working directory and the environment  variable  to
			   determine  the desired command.  args specifies any
			   argument that the command recognizes.

   The cmd_priv Database
       The file contains information on which authorizations are  required  to
       execute	each  command  binary,	or  edit  each	file.  It also has the
       resulting privileges (real, effective UID and GID, fine-grained	privi‐
       leges,  compartment)  associated	 with  the  binary.   If  the  user is
       required to reauthenticate prior to  successful	authorization,	a  PAM
       service	name  is specified in this file and indicates how should iden‐
       tify itself to PAM.  See pam.conf(4) for more detailed information.

       The file contains any number of entries, where each entry is  specified
       on a single line in the following format:

       {command|file}

       These fields are defined as follows:
       Field Description

       command|file
	      For  the	fully  qualified  path of the command being wrapped to
	      provide additional privileges.

	      For the fully qualified path of a file to edit.

	      This field may contain wildcards as defined in fnmatch(3C).

       arguments
	      The exact set of arguments (matched as a string) the  user  must
	      invoke.	If this field is empty, the command may not be invoked
	      with any arguments.  If this  field  contains  the  keyword  the
	      specified command may be invoked with any arguments.  This field
	      is only used by and ignored by

       The operation the user is required to have on the object specified.
	      Together, the forms the authorization.  operation must be	 fully
	      qualified and cannot contain a wild card

	      An  entry	 of in object requires that the user has the specified
	      operation on all objects.	 (Note: This is satisfied by a	speci‐
	      fication of in the database if RBAC is in use.)

	      This  field  may	contain the keyword instead of which indicates
	      that no access check is required and the command is invoked with
	      privilege for any user.

       Real/Effective UID/GID.
	      Part  of the privileges granted to the wrapped command (process)
	      if the user has the specified authorization.  If	any  of	 these
	      fields  are  specified,  calls  or  before invoking the command.
	      These fields can also be specified by name, in which case a con‐
	      version  will  be	 performed  at invocation time.	 This field is
	      only used by and ignored by

	      The UID and GID specifications in this field are	optional.   No
	      ID  present indicates the field is to remain unchanged; however,
	      the slash characters separating the IDs must remain.

       compartment
	      Compartment to invoke  application  in.	A  compartment	is  an
	      attribute	 associated with a process to compartmentalize differ‐
	      ent OS processes.	 If compartments are not enabled on  the  sys‐
	      tem,  this  field	 should	 be  set to An error may occur if this
	      field is left empty.  Refer to compartments(5) for more informa‐
	      tion on compartments.  This field is only used by and ignored by

       privs  Fine-grained  privileges	to  be	associated with at invocation.
	      These privileges may be used in lieu of to perform specific ker‐
	      nel operations.  If the field is set to basic privileges will be
	      granted  to  the	process.   Refer  to  privileges(5)  for  more
	      detailed information.  This field is only used by and ignored by

       pam-service
	      Reauthentication	service.  If specified, the user will be reau‐
	      thenticated.  The command will identify itself  to  PAM  as  the
	      service indicated in this field.	This allows the security offi‐
	      cer to require an additional set of restrictions for  particular
	      commands.	 See pam.conf(4) for a list of PAM services.

	      The  keyword must be used to indicate that no reauthorization is
	      required.

       flags  This field is used by both and In	 there	is  only  one  defined
	      flag.   If the flag is set to then none of the environment vari‐
	      ables,  other  than  insecure  environment  variables  will   be
	      scrubbed.

	      considers	 the following environment variables insecure and will
	      drop them even if the flag is set:

	      For the flag usage in please see privedit(1M) for more  details.
	      is expected to appear in this field for the command.

       White  space  between  each field and immediately surrounding the colon
       field separator is optional and ignored by the command.

       There can be multiple entries  in  with	the  same  command  line,  but
       requiring  different authorizations required and resulting in different
       privileges.  evaluates each entry in the order specified in  the	 file,
       continuing  on  to the next only if the user does not have the required
       authorization.  If you want to match a particular entry in use  command
       options to specify the set of privileges for the desired entry.

EXTERNAL INFLUENCES
   Environment Variables
       determines the language in which messages are displayed.

   International Code Set Support
       Single-byte character code set is supported.

RETURN VALUE
       Success	 If permitted the user to execute the program, then the return
		 value from will be the return value of the program executed.

       Failure	 returns a value of and an appropriate error message  will  be
		 printed to stderr.

EXAMPLES
   Example 1
       In  the	following  example, the caller invokes to execute the command,
       with as the argument to the command.

       examines the database for an entry corresponding to the command If this
       entry is found, then the necessary authorization is retrieved from that
       entry.  invokes the command if the user has  the	 necessary  authoriza‐
       tion.

       In  the	following  example,  the caller wants to change the UID of the
       calling process to 28 change the GID of the calling  process  to	 other
       and execute the command

       If  an entry exists for the command with the associated EUID set to 28,
       and the EGID set to the EGID corresponding to the group name the	 usual
       authorization  and  invocation  process occurs.	If this entry does not
       exist, (even if an entry for appears with different  associated	privi‐
       leges (EUID/EGID)), the command fails and prints an error message.

   Example 2
       In  the	following  example,  the  caller  wants to execute the command
       within compartment

       If an entry exists for the command with the  compartment	 specified  as
       then  the  command  will be executed in the compartment.	 If this entry
       does not exist, (even if an entry for appears with  different  compart‐
       ment specification), the command fails and prints an error message.

FILES
       Database containing valid definitions of all roles.

       Database containing definitions of all valid authorizations.

       Database specifying the roles for each specified user.

       Database defining the authorizations for each role.

       Database	 defining the authorization information needed to execute com‐
       mands
	      and and edit files under access control.

SEE ALSO
       authadm(1M), cmdprivadm(1M), cmpt_tune(1M), rbacdbchk(1M), roleadm(1M),
       compartments(5), privileges(5), rbac(5).

								   privrun(1M)
[top]

List of man pages available for HP-UX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net