This section lists other commands available for administering the Trusted Solaris operating environment.
File privileges and labels can be administered either through the File Manager or the following commands:
getfattrflag(1) - Displays a file's security attributes.
setfattrflag(1) - Sets a file's security attributes.
getfpriv(1) - Displays an executable file's forced and allowed privileges.
setfpriv(1) - Sets an executable file's forced and allowed privileges.
testfpriv(1) - Checks an executable file's forced and allowed privilege sets.
The following commands are for administering attributes on file systems.
getfsattr(1M) - Displays the security attributes of a file system.
getfsattr_ufs(1M) - Displays the security attributes of a UFS file system.
setfsattr(1M) - Sets the security attributes on a file system. The file system should be unmounted first.
newsecfs(1M) - Sets security attributes on a new file system.
The following commands are for mounting file systems. Check the Trusted Solaris Summary section of each man page for differences from the Solaris operating environment.
mount(1M) - Requires the sys_mount privilege. Both mandatory and discretionary read access (or overriding privileges) are required to the mount point and the device being mounted. Depending on the configuration of the vfstab_adjunct file, the process may need some combination of the proc_setsl and proc_setclr privileges.
The mount command supports mounts to multilabel directories (MLDs). It has a special option, -S, which lets you specify security attributes to be associated with the file system mount (this option requires that you have sufficient clearance for the label specified).
share_nfs(1M) - Provides these options with -S:
dev|nodev - Access to character and block devices is allowed or disallowed. The default is dev.
priv|nopriv - Forced privileges on execution are allowed or disallowed. The default is priv.
Running share_nfs requires the following:
sys_nfs privilege
effective uid 0
process label of [ADMIN_LOW]
share(1M) - Makes a resource of a specified file system type available for mounting. It requires the sys_nfs privilege.
unshare(1M) - Makes a resource unavailable for mounting. It requires the sys_nfs privilege.
nfsstat(1M) - Displays statistics concerning the NFS and RPC (remote procedure call) interfaces to the kernel. The Trusted Solaris version of the nfsstat command requires that you have the net_config privilege when using the -z option, which reinitializes the statistics.
nfsd(1M) - Handles client file system requests. The Trusted Solaris version of the nfsd command requires the sys_nfs and net_mac_read privileges to run.
The following commands are for managing processes:
pattr(1) - Displays the viewable Process Attribute Flags of the current process or a process specified by pid. Those flags that cannot be viewed normally can be viewed with privilege.
pclear(1) - Displays the clearance at which the selected process is running.
plabel(1) - Displays the CMW label (that is, combined sensitivity label and information label) for the process.
ppriv(1) - Displays the effective privileges of a process.
pprivtest(1) - Tests to see if the specified privileges are currently in effect.