Trusted Solaris Administrator's Procedures

To Give Forced Privileges to a Command

An executable file with forced privileges runs with those privileges when invoked in a profile shell by any user or role.

  1. Assume the Security Administrator role and go to an ADMIN_LOW workspace.

    A file's owner, or a user with the Act as File Owner authorization, can also add privileges to an executable at a label within the user's or role's accreditation range.

  2. Navigate to the file's directory, and make sure the file is executable.

    If the file should be executable but is not, change its permissions to make it executable, as in:

    $ chmod 755 filename
    
  3. Give the command allowed privileges equal to the forced privileges you plan to assign.

    If you are using the File Manager Permissions dialog box, click the Allowed button, assign Allowed Privileges, and then click the Forced button to assign the Forced Privileges.

    The following example uses the setfpriv(1) command to set file_dac_read and file_dac_write as both allowed and forced privileges.

    $ setfpriv -s -f file_dac_read,file_dac_write \
    -a file_dac_read,file_dac_write test.priv.file
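
The checks in steps 2 and 3, as an added example that is not part of the original procedure: the hypothetical helper `plan_forced_privs` confirms that the file is executable and that each forced privilege is also in the allowed list, then prints the `setfpriv` command for review instead of running it. Treating a forced privilege that is missing from the allowed list as an error is an assumption based on step 3.

```shell
#!/bin/sh
# Added example: pre-flight checks for steps 2 and 3 before calling setfpriv(1).
# plan_forced_privs and has_priv are hypothetical helper names. Nothing is
# changed on disk; the command line is only printed so it can be reviewed.

# has_priv LIST NAME: succeeds if NAME is an element of the comma-separated LIST.
has_priv() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# plan_forced_privs FILE FORCED ALLOWED
# Prints the setfpriv command on success. Returns 1 if FILE is not executable,
# 2 if FORCED is empty, 3 if a forced privilege is missing from ALLOWED.
plan_forced_privs() {
    file=$1
    forced=$2
    allowed=$3

    # Step 2: the target must be a regular file with the execute bit set.
    if [ ! -f "$file" ] || [ ! -x "$file" ]; then
        echo "error: $file is not an executable file" >&2
        return 1
    fi

    if [ -z "$forced" ]; then
        echo "error: no forced privileges given" >&2
        return 2
    fi

    # Step 3: every forced privilege must also appear in the allowed list.
    old_ifs=$IFS
    IFS=,
    for p in $forced; do
        if ! has_priv "$allowed" "$p"; then
            IFS=$old_ifs
            echo "error: $p is forced but not allowed" >&2
            return 3
        fi
    done
    IFS=$old_ifs

    printf 'setfpriv -s -f %s -a %s %s\n' "$forced" "$allowed" "$file"
}
```

Calling `plan_forced_privs test.priv.file file_dac_read,file_dac_write file_dac_read,file_dac_write` prints the same command as the example above, written on one line.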