Assigning File Privileges using a Script

How to write privileged scripts to be deployed and used by others in your organization is described in Trusted Solaris Administrator's Procedures. This section briefly explains how to create a script that uses setfpriv(1) to assign forced and allowed privileges to an executable file for testing and debugging an application during application development.

First of all, the user or role you are working in needs a profile with the setfpriv(1) command and file_setpriv privilege assigned to it. The Object Privilege Management profile in the default system has these. To run the script from any shell and have the commands invoked by the script run under the profile shell and inherit your profile privileges, invoke pfsh(1M) at the top of the script as shown in the example below.

The example assigns forced and allowed privileges to executable. The -s -f options set forced privileges on executable, and the -a option sets allowed privileges on executable. This script will quit with the error: executable: not owner unless the file_setpriv privilege is inherited by the commands.

#/bin/pfsh
setfpriv -s -f 
ipc_mac_write,proc_setsl,sys_trans_label -a 
ipc_mac_write,proc_setsl,sys_trans_label executable

When you use a script to put forced and allowed privileges on an executable file, keep the following points in mind:

• If you remove a privilege from the allowed set specified in the script, you must also remove it from the forced set. If you remove it from the allowed set only, you will see the error: executable: Invalid argument when you run the script.

• If your program inherits privileges, launch it from the command line in the profile shell with the privileges to be inherited.

  • The allowed set of the executable file must have the privileges to be inherited.

  • If your program is going to only inherit privileges, the forced set of the executable file should be empty.

  • If your program takes a different action when a privilege is forced from when it is inherited, launch the program with the privilege in the forced and allowed set, and launch the program again with the privilege in the allowed set from a profile shell that has the privilege to be inherited.

Always test the program at all labels at which it is intended to run.