Index Index for
Section 4
Index Alphabetical
listing for F
Bottom of page Bottom of
page		 

files(4)


NAME

  files - File control database (Enhanced Security)


DESCRIPTION

  The file control database (/etc/auth/system/files) is designed to help the
  Information System Security Officer (ISSO) maintain the integrity of the
  system. The database contains entries for system data files and executable
  files that require certain attributes. Some files require certain
  attributes to provide protection against unauthorized access, while others
  require a specific set of attributes to accomplish their intended function.

  The database is used by the library routine create_file_securely() to
  determine the set of attributes for a newly created file. Many programs
  associated with the trusted computing base (TCB) use this library routine
  for file creation to ensure that file attributes are set correctly.

  A broad range of attributes can be specified in the file control database.
  Specific choices depend upon the exact system configuration. These choices
  are as follows:

  f_owner
      This field specifies the owner name for the entry. If an owner name is
      not specified and the entry is created using create_file_securely(),
      the owner of the file will be the real user ID of the process creating
      the file.

  f_group
      This field specifies the group name for the entry. If a group name is
      not specified and the entry is created using create_file_securely(),
      the group of the file will be the real group ID of the process creating
      the file.

  f_mode
      This field specifies the mode word for the entry. If the mode word is
      not specified and create_file_securely() is used to create the entry, a
      mode word of 0 (zero) is assigned to the new file.

  f_type
      This field identifies the type of the entry. This field is not taken
      into account by create_file_securely() when a file is being created.
      The library routine will only create regular files.  Choices for the
      type field are as follows:

      r	  Regular file

      d	  Directory

      f	  FIFO device (pipe)

      c	  Character special device

      b	  Block special device

      s	  Socket


EXAMPLES

  The following example is a typical file control database entry for the
  program /sbin/newfs:

       /sbin/newfs:f_owner=root:f_group=bin:\
	       :f_type=r:f_mode#04111:\
	       :chkent:

  This entry specifies that the newfs program has bin as its owner and group,
  that it is a regular file, and that its mode is 0111.

  The following example shows an entry for a site-specific directory that
  contains help files for an application:

       /appl/help_files:f_owner=appadmin:f_group=appl:\
	       :f_type=d:f_mode#0750:\
	       :chkent;

  This entry specifies the owner of the /appl/help_files directory as
  appadmin, the group as appl, and the mode as 0750.


FILES

  /etc/auth/system/files
      Specifies the pathname of the file control database.


SEE ALSO

  Functions: getprfient(3)

  Files: authcap(4)

Index Index for
Section 4
Index Alphabetical
listing for F
Top of page Top of
page