Trusted Solaris Developer's Guide

Commands for File Sets

To set and get the file privilege sets from the command line, use setfpriv(1) and getfpriv(1). The file_setpriv privilege is required with setfpriv(1) so this command must be executed from the profile shell with this privilege. See "Assigning File Privileges using a Script" for information on using setfpriv(1) in a script.

This command line sets the file privilege sets on executable for the examples in this chapter. When you specify more than one privilege, the names are separated by commas with no spaces. If you want to use spaces, enclose the privilege names in double quotes ("privilege1, privilege2").


phoenix% setfpriv -s -f file_setpriv \
-a file_mac_write,proc_setid,file_setpriv executable

This command line produces output to verify the file privilege sets were set:


phoenix% getfpriv executable
executable FORCED: file_setpriv 
ALLOWED: file_mac_write,file_setpriv,proc_setid