NAME | SYNOPSIS | DESCRIPTION | EXAMPLES | WARNINGS | FILES | ATTRIBUTES | SEE ALSO | BUGS
/etc/security
The security file is used by C_INIT(1M) and has two main purposes:
C_INIT
Each line of the file has the following format:
username:trusted:uid:gid:add_groups_list:rem_hosts_list:password_not_encrypted
where:
username
The user's name. This field corresponds to the remote user's login name on the remote host. The wild character '*' may be used to describe all other users.
trusted
The user's privilege. If this field is the "TRUSTED" string, the user is trusted and has access to the full set of C_INIT commands. In any other case, the user is declared as non-trusted, and has restricted access to this set of commands.
uid
The user's numerical ID. If this field is empty, the user's id will take the default configuration value; see C_INIT(1CC).
gid
The group's numerical ID. If this field is empty, the group's id will take the default configuration value; see C_INIT(1CC).
add_groups_list
Additional groups list. This field is a list of supplementary groups, separated by commas. It may be empty.
rem_hosts_list
Authorized remote hosts list. This field contains the list of remote hosts authorized to issue C_INIT commands for the user username. Items are separated by commas, and hosts are identified by addresses using the dot (".") Internet notation. The wild character "*" denotes all hosts. You can explicitly deny the access to a user by leaving this field empty.
password_not_encrypted
Password for username. This field contains a single string representing the password for username. Note that this field is not encrypted, so if a user has access to the /etc/security file, they can read all passwords.
If the field is empty, the password is NULL. Some utilities, such as ftpd(1M) cannot enable secure mode for users who do not have passwords.
A hash ("#") at the beginning of a line indicates a comment; comments are not interpreted.
smith:TRUSTED:256:300::*             # trusted user from any host
john::257:300:301,302:192.33.12.1    # non trusted from a particular host
foobar::258:305:                     # non authorized user
*:::::*                              # all others: non trusted from any host
The authentication procedure succeeds or fails as soon as a matching user entry is found. The order of entries is therefore important.
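The first-match rule can be checked before a file is deployed. The following is an added example, not code from C_INIT or from this manual page: it parses the format above and reports entries that an earlier line makes unreachable. The function names, the exact-address host comparison, and the treatment of text after "#" as a comment are assumptions.

```python
FIELDS = ("username", "trusted", "uid", "gid",
          "add_groups_list", "rem_hosts_list", "password_not_encrypted")

def parse(text):
    """Parse security-file text into a list of dicts, in file order."""
    entries = []
    for raw in text.splitlines():
        # Assumption: text after '#' is a comment, as in the page's examples.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(":", len(FIELDS) - 1)
        parts += [""] * (len(FIELDS) - len(parts))  # missing trailing fields are empty
        entry = dict(zip(FIELDS, parts))
        entry["rem_hosts_list"] = [h for h in entry["rem_hosts_list"].split(",") if h]
        entries.append(entry)
    return entries

def decide(entries, user, host):
    """Return 'trusted', 'non-trusted' or 'denied' from the first matching user entry."""
    for e in entries:
        if e["username"] in (user, "*"):
            hosts = e["rem_hosts_list"]
            # Assumption: hosts are compared as exact address strings.
            if "*" not in hosts and host not in hosts:
                return "denied"  # the first match decides; later entries are ignored
            return "trusted" if e["trusted"] == "TRUSTED" else "non-trusted"
    return "denied"

def shadowed(entries):
    """Usernames of entries that can never match because an earlier line covers them."""
    seen, wildcard, out = set(), False, []
    for e in entries:
        name = e["username"]
        if wildcard or name in seen:
            out.append(name)
        seen.add(name)
        wildcard = wildcard or name == "*"
    return out

# Constructed sample: the page's four entries, then the same entries with '*' moved first.
GOOD = """smith:TRUSTED:256:300::*
john::257:300:301,302:192.33.12.1
foobar::258:305:
*:::::*
"""
BAD = "*:::::*\n" + GOOD.replace("*:::::*\n", "")
```

With the wildcard line first, foobar's empty host list no longer denies access and smith loses trusted status, which is why shadowed() should return an empty list for any file put into service.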
/etc/security
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Interface Stability | Evolving |
A trusted user who is not root has root permissions when using the built-in C_INIT(1M) command, ifconfig. This is not the case when using the ifconfig.r actor.