exec_attr Database (System Administration Guide: Security Services)

System Administration Guide: Security Services

`exec_attr` Database

The exec_attr database defines commands that require security attributes to succeed. The commands are part of a rights profile. A command with its security attributes can be run by roles to whom the profile is assigned.

The fields in the exec_attr database are separated by colons, as follows:

name:policy:type:res1:res2:id:attr

The fields have the following meanings.

profname

The name of the rights profile. Rights profile names are case-sensitive. The name refers to a profile in the prof_attr database.

policy

The security policy that is associated with this entry. Currently, suser and solaris are the valid entries. The solaris policy recognizes privileges. The suser policy does not.

type

The type of entity that is specified. Currently, the only valid entity type is cmd (command).

res1:res2

Reserved for future use.

id

A string that identifies the entity. Commands should have the full path or a path with a wildcard (*). To specify arguments, write a script with the arguments and point the id to the script.

attr

An optional list of semicolon (;) separated key-value pairs that describes the security attributes to apply to the entity on execution. Zero or more keys can be specified. The list of valid keywords depends on the policy that is enforced.

For the suser policy, the four valid keys are euid, uid, egid, and gid.

The euid and uid keywords contain a single user name or a numeric user ID (UID). Commands that are designated with euid run with the supplied UID, which is similar to setting the setuid bit on an executable file. Commands that are designated with uid run with both the real UID and the effective UID.
The egid and gid keywords contain a single group name or numeric group ID (GID). Commands that are designated with egid run with the supplied GID, which is similar to setting the setgid bit on an executable file. Commands that are designated with gid run with both the real GID and the effective GID.

For the solaris policy, the valid keyword is privs. The value consists of a list of privileges that are separated by commas.

The following example shows some typical values from an exec_attr database:

% grep 'File System Management' /etc/security/exec_attr
File System Management:suser:cmd:::/usr/sbin/ff:euid=0
File System Management:solaris:cmd:::/usr/sbin/mount:privs=sys_mount
…