Table of Contents
Advertisement
cmdprivadm(1M)
NAME
cmdprivadm - noninteractive editing of a command's authorization and privilege information in the
privrun database
SYNOPSIS
option
cmdprivadm add
cmdprivadm delete
DESCRIPTION
is a noninteractive command that allows user with appropriate permission to add or delete
cmdprivadm
a
command
and
/etc/rbac/cmd_priv
When adding a line to the database,
deleting a line, the lines matching all the given option
specified match, the entry will be deleted.
option
cmdprivadm add
Appends a line as specified in option
cmdprivadm delete
Deletes a line as specified in option
HP recommends that only the
view the RBAC databases; do not edit the RBAC files directly.
See rbac(5) for information on the RBAC databases.
Options
The following options are valid option
command
command should include the full path name of the command. There can be one or
cmd=
more arguments following the command.
filename
filename should specify the full path name of a file name.
file=
operation
Specifies the operation.
op=
object=
object
Specifies the object.
ruid
Specifies the real user ID (ruid).
ruid=
euid
Specifies the effective user ID (euid).
euid=
rgid
Specifies the real group ID (rgid).
rgid=
egid=
egid
Specifies the effective group ID (egid).
compartment=
compartment_label
Specifies the compartment.
privs=
comma_separated_privilege_list
Specifies the privileges.
pam_service
re-auth=
Specifies the PAM service name to reauthenticate under. See pam.conf(4) for a list of
PAM services.
comma_separated_flags_list
flags=
Specifies the flags.
Note: You must enclose values that contain the space character, or any characters that may be interpreted
by the shell, with single quotes. For example, if the
single quotes:
cmd='mount -a'
Authorizations:
In order to invoke
cmdprivadm
the appropriate authorizations. The following is a list of the required authorizations for running
HP-UX 11i Version 2: December 2007 Update
value [option
value]...
=
=
option
=
value [option
=
value]...
its
privileges
in
the
. See privrun(1M) for more details on this file.
cmdprivadm
value [option
value]...
=
=
value pairs in the
=
option
value [option
value]...
=
=
=
value pairs from
,
authadm
cmdprivadm
value pairs for
=
, the user must either be root, (running with effective UID of 0), or have
− 1 −
Role-Base
Access
Control
sets fields that are not specified a default value. When
value pairs will be deleted. That is, if all fields
=
/etc/rbac/cmd_priv
/etc/rbac/cmd_priv
, and
commands be used to edit and
roleadm
.
cmdprivadm
has one or more arguments, enclose them with
cmd
Hewlett-Packard Company
cmdprivadm(1M)
(RBAC)
database,
file.
file.
137
c
Advertisement
Table of Contents
