setfilexsec(1M)

HP-UX 11i Version 3: February 2007

NAME

setfilexsec — set extended security attributes on a binary file

SYNOPSIS

setfilexsec -d filename

setfilexsec -D absolutepath

setfilexsec [-c compartmentname] [-f flags] [-p privs] [-P privs] [-r privs] [-R privs] filename

DESCRIPTION

setfilexsec sets various extended security attributes of binary files. The attributes currently include retained privileges, permitted privileges, compartment, and the privilege start flag. See privileges(5) and execve(2) for a description of these attributes. The security attributes are stored in a configuration file, so they persist across reboots: the attributes are loaded from that file when the system reboots.

Options

setfilexsec recognizes the following options:

-c

Sets the compartment name for the binary executable file.

-d

Deletes any security information for the file from the configuration file and the kernel.

-D

Deletes any security information for the file given by absolutepath from the configuration file only. This is used to clear attributes of a deleted file.

-f

Sets the security attribute flags. The only defined flag is the privilege start flag.

The privilege_start flag must be either start_full or start_nil. If the value is start_full, when the binary is executed, the process' effective privileges are set to the newly computed permitted privilege set. If the value is start_nil, when the binary file is executed, the process' effective privileges are set to nil (no privileges). If this option is not specified and the process start flag is not already set for the binary file, the flag is set to start_nil.

-p

Adds or changes the minimum permitted privileges. This must be a subset of the maximum permitted privileges.

-P

Adds or changes the maximum permitted privileges. This must be equal to or a superset of the minimum permitted privileges, minimum retained privileges, and maximum retained privileges.

-r

Adds or changes the minimum retained privileges. This must be a subset of the maximum retained privileges as well as minimum permitted privileges.

-R

Adds or changes the maximum retained privileges. This must be equal to or a superset of the minimum retained privileges. This set must also be a subset of the maximum permitted privileges.

For the third form of the command, if any of the options are not specified, setfilexsec takes the following action:

  • If the binary's extended attributes are already set (e.g., through a previous invocation of the setfilexsec command), the previous value for the option is used.

  • If the binary's extended attributes are not set, they default to null (i.e., empty sets for privileges and empty value for compartment).
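The subset rules stated for -p, -P, -r and -R can be checked before setfilexsec is called. The following is an added example, not part of the HP-UX reference; the function names is_subset and check_priv_sets are hypothetical, and it assumes each list holds only plain privilege names.

```shell
# Added example: pre-flight check of the four privilege lists.
# Assumption: each list holds only plain, comma-separated privilege names.
# Entries such as "policy" or "!changecmpt" need priv_str_to_set(3)
# semantics, so they are reported as not checkable instead of guessed at.

# is_subset A B: succeed if every name in list A also appears in list B.
is_subset() {
    _rest=$1
    while [ -n "$_rest" ]; do
        _item=${_rest%%,*}
        case ",$2," in
            *",$_item,"*) ;;
            *) return 1 ;;
        esac
        case $_rest in
            *,*) _rest=${_rest#*,} ;;
            *)   _rest= ;;
        esac
    done
    return 0
}

# check_priv_sets MIN_RET MAX_RET MIN_PERM MAX_PERM   (-r, -R, -p, -P)
# Prints the first violated rule and returns 1; returns 2 if a list
# cannot be checked; returns 0 if every rule holds.
check_priv_sets() {
    for _l in "$1" "$2" "$3" "$4"; do
        case ",$_l," in
            *'!'*|*,policy,*) echo "cannot check: $_l"; return 2 ;;
        esac
    done
    is_subset "$1" "$2" || { echo "-r is not a subset of -R"; return 1; }
    is_subset "$1" "$3" || { echo "-r is not a subset of -p"; return 1; }
    is_subset "$3" "$4" || { echo "-p is not a subset of -P"; return 1; }
    is_subset "$2" "$4" || { echo "-R is not a subset of -P"; return 1; }
    return 0
}
```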

Option Arguments

privs

This is a list of privileges separated by commas (,). See the description of the priv_list argument in priv_str_to_set(3).

compartmentname

This must be a valid compartment on the system or an empty string (""). If it is an empty string, the compartment part of the security attributes is cleared.

Operands

setfilexsec recognizes the following operands:

filename

A binary executable. Extended attributes set on executable scripts are ignored by the kernel.

Security Restrictions

The caller must have the following authorization:

hpux.security.xsec.filexsec.unrestricted —or— hpux.security.xsec.filexsec.restricted

RETURN VALUE

setfilexsec returns the following values:

0

Successful completion. The security attributes are updated successfully.

>0

An error occurs. An error can be caused by an invalid option, an invalid argument, or insufficient permissions for the user to perform the operation.

EXAMPLES

Example 1: Add a security attributes entry for the binary executable /web/java for the first time:

setfilexsec -r cmptread \
    -R policy,!changecmpt -p cmptread,cmptwrite \
    -P policy -f start_nil -c web /web/java

The Example 1 command has the following effect: when a process performs an exec() of the binary /web/java, the process's attributes are modified as follows:

    • The retained privilege set includes at least cmptread and cmptwrite.

    • The retained privilege set does not include dacwrite.

    • The permitted privilege set includes at least cmptread.

    • The permitted privilege set is equal to the policy privilege set (depends on the inheritable set before the exec()).

    • The process changes its compartment to web.

    • Since the process is privilege-aware, the effective privilege set is empty (and the application /web/java may raise the privileges in the permitted privilege set at run time).

Example 2: Modify the minimum retained privilege set and flags for the same binary:

setfilexsec -r cmptwrite -f start_full /web/java

Because the start_full flag is specified, the effective privilege set is equal to the permitted privilege set (the application presumably does not manipulate the privileges at run time).

Example 3: Delete all extended security attributes for the same binary:

setfilexsec -d /web/java

WARNINGS

If a binary file that has extended security attributes set is modified or replaced, the attributes are no longer applied to that file but remain in the system tables. On reboot, the system detects that the file contents have changed, using a simple checksum mechanism; it then ignores the attributes of the file and issues an error message for the file entry. For proper operation, when a file is modified, run setfilexsec -d to remove the extended attributes instead of relying on the checksum mechanism.

When replacing a binary, in order to retain the privileges on the binary, run setfilexsec -d first to remove the prior privilege attributes, replace the binary, and then run setfilexsec to re-assign attributes.
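The replacement sequence above, written as a shell function. This is an added example, not part of the HP-UX reference: the function name replace_xsec_binary and the XSEC variable are hypothetical, and the staged file path in the comment is constructed.

```shell
# Added example: replace a binary without leaving stale attributes behind.
# XSEC names the command to run. It defaults to setfilexsec and is a
# variable only so the sequence can be dry-run with a stub (assumption).
XSEC=${XSEC:-setfilexsec}

# replace_xsec_binary TARGET NEWFILE [setfilexsec options...]
# e.g. replace_xsec_binary /web/java /stage/java -r cmptwrite -f start_full
# After -d no previous values remain, so pass every option that is needed.
replace_xsec_binary() {
    [ $# -ge 2 ] || { echo "usage: TARGET NEWFILE [options]" >&2; return 2; }
    _target=$1
    _new=$2
    shift 2
    case $_target in
        /*) ;;
        *) echo "target must be an absolute path" >&2; return 2 ;;
    esac
    [ -f "$_new" ] || { echo "new binary not found: $_new" >&2; return 2; }

    # 1. Remove the old attributes from the configuration file and kernel.
    $XSEC -d "$_target" || { echo "could not clear attributes" >&2; return 1; }

    # 2. Replace the binary: copy beside the target, then rename into place.
    cp -p "$_new" "$_target.new.$$" && mv -f "$_target.new.$$" "$_target" || {
        rm -f "$_target.new.$$"
        echo "replace failed; $_target has no extended attributes" >&2
        return 1
    }

    # 3. Re-assign the attributes to the new file contents.
    $XSEC "$@" "$_target" || {
        echo "re-assign failed; $_target has no extended attributes" >&2
        return 1
    }
}
```

If step 2 or 3 fails, the binary is left with no extended attributes, so it runs without the extra privileges until setfilexsec is run again.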

Note that the NFS protocol is not extended to support extended security attributes. Hence, NFS-mounted binaries should not be configured with any extended security attributes.

© 1983-2007 Hewlett-Packard Development Company, L.P.