NAME | SYNOPSIS | DESCRIPTION | ATTRIBUTES | EXAMPLES | RETURN VALUES | SEE ALSO
setfpriv changes the privilege sets of a file or files. The setfpriv command needs the file_setpriv privilege to succeed. Only the owner of a file can change the privilege sets associated with that file unless the command has the file_owner privilege. The user must have MAC write permission. DAC write permission is not required.
Refer to setfpriv(2) for a complete description of conditions to satisfy and privileges needed to execute this command.
The -s option sets the privileges to the entries specified on the command line. The -d option deletes one or more specified privileges from the file's privilege set. The -m option adds one or more specified privileges to the file's privilege set. One and only one of the options -s, -m, or -d must be specified.
The -a option specifies that a set of allowed privileges is to be set. The -f option specifies that a set of forced privileges is to be set. Each of privseta and privsetf is one of these:
A comma-separated list of privilege names as found in /usr/lib/tsol/locale/locale_name/priv_name. See the priv_desc(4) man page.
A comma-separated list of numeric privilege IDs as found in </usr/include/sys/tsol/priv_names.h>.
The keyword all to indicate all privileges.
The keyword none to indicate an empty privilege set.
One or both of the options -a and -f must be specified, each followed by a privilege set. No white space may exist in a privilege-set list.
An attempt to assert a privilege in a file's forced set is denied unless that privilege is also asserted in the file's allowed set. All privileges cleared from a file's allowed set are automatically cleared from the file's forced set. It is not an error to attempt to clear a privilege from a set in which it is already cleared.
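The rules above (a forced privilege must also be allowed, and clearing a privilege from the allowed set clears it from the forced set) can be modelled as plain set operations. The following Python model is an added example, not part of the original man page or of Trusted Solaris; it does not invoke setfpriv, the privilege names p1 through p4 and all function names are constructed for illustration, and it assumes the -a change is applied before the -f change.

```python
# Added illustration: a model of the allowed/forced set rules described above.
# It does not call setfpriv; privilege names p1..p4 are constructed samples.
UNIVERSE = frozenset({"p1", "p2", "p3", "p4"})  # stand-in for the keyword "all"


class Denied(Exception):
    """Raised when a forced privilege is not also in the allowed set."""


def parse_privset(spec):
    """Parse a privilege-set argument: 'all', 'none', or a comma-separated list."""
    if spec == "all":
        return set(UNIVERSE)
    if spec == "none":
        return set()
    if any(ch.isspace() for ch in spec):
        raise ValueError("no white space may exist in a privilege-set list")
    names = set(spec.split(","))
    unknown = names - UNIVERSE
    if unknown:
        raise ValueError("unknown privilege(s): " + ",".join(sorted(unknown)))
    return names


def _apply(op, current, arg):
    if op == "s":              # -s: replace the set
        return set(arg)
    if op == "m":              # -m: add to the set
        return current | arg
    if op == "d":              # -d: clearing an already-cleared privilege is not an error
        return current - arg
    raise ValueError("exactly one of -s, -m, -d is required")


def setfpriv_model(op, allowed, forced, a=None, f=None):
    """Return (allowed, forced) after the operation, or raise Denied."""
    if a is None and f is None:
        raise ValueError("one or both of -a and -f must be specified")
    new_allowed, new_forced = set(allowed), set(forced)
    if a is not None:          # assumption of this model: -a is applied before -f
        new_allowed = _apply(op, new_allowed, parse_privset(a))
        new_forced &= new_allowed          # cleared from allowed => cleared from forced
    if f is not None:
        new_forced = _apply(op, new_forced, parse_privset(f))
        if not new_forced <= new_allowed:  # forced must be a subset of allowed
            raise Denied(",".join(sorted(new_forced - new_allowed)))
    return new_allowed, new_forced
```

For a file whose allowed set is p4 and whose forced set is empty, the model denies the equivalent of `-m -f p1`; after the equivalent of `-s -a all` the same request succeeds.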
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | SUNWtsu |
Setting privileges in the forced set requires that those privileges be set in the file's allowed set.
example% setfpriv -s -a all file1
Both the file's allowed and forced privilege sets can be set at the same time. To set all allowed privileges and a set of forced privileges on a file:
example% setfpriv -s -a all -f p1,p2,p3 file1
example% setfpriv -s -a p1,p2,p3 file2
example% setfpriv -m -f p1,p2,p3 file3
example% setfpriv -d -f p1,p2,p3 file4
example% setfpriv -s -a`getfpriv -s -a file4` file5
setfpriv exits with one of the following values:
Successful completion.
Unsuccessful completion.