Using a secure system


The security mechanism has two types of authorization: kernel privileges and subsystem authorizations. A kernel privilege allows you to run specific privileged operations on the operating system. A subsystem authorization allows you to use the commands of a specific protected subsystem.

The kernel privileges are as follows:

allows you to run SUID (set user ID) programs. An SUID program gains access to all the files, processes, and resources belonging to the person running the program and the owner of the program file.

allows you to change the setuid and setgid attributes of a file or directory, using the chmod(C) command. Without this permission you cannot create SUID files, which grant the permissions of the owner of the file to whoever executes them, as described in "Access control for files and directories".

allows you to change the ownership of files using the chown(C) command.

Other kernel privileges include suspendaudit, configaudit, and writeaudit.
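The two SUID-related privileges above matter because a set-UID or set-GID file hands its owner's (or group's) identity to whoever executes it. As an added example, not taken from the SCO documentation, the following POSIX shell script inventories such files under a directory tree so an administrator can review them; the scratch directory and the two sample files it creates are constructed for the demonstration, and nothing on the real system is changed.

```shell
#!/bin/sh
# Added example, not part of the SCO OpenServer documentation.
# Inventory set-UID / set-GID regular files under a directory tree so
# the programs that grant their owner's or group's permissions to any
# executor can be reviewed.

# Print, one per line, every regular file under $1 whose mode carries
# the set-UID (04000) or set-GID (02000) bit.  "-perm -MODE" matches
# when all bits in MODE are set, so either bit alone is enough.
find_setid_files() {
    dir=$1
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Return 0 when $1 has the set-UID bit, 1 otherwise.  Uses the POSIX
# test(1) -u operator, so no GNU-specific stat(1) is needed.
is_setuid() {
    [ -u "$1" ]
}

# Demonstration on constructed files in a scratch directory.
demo() {
    scratch=$(mktemp -d)
    printf '#!/bin/sh\necho hello\n' > "$scratch/plain"
    cp "$scratch/plain" "$scratch/setuid_copy"
    chmod 0755 "$scratch/plain"          # ordinary executable
    chmod 4755 "$scratch/setuid_copy"    # u+s: runs with the owner's identity
    echo "set-ID files under $scratch:"
    find_setid_files "$scratch"
    rm -rf "$scratch"
}

demo
```

Run it as any user; only the scratch directory is inspected. Pointing `find_setid_files` at `/` instead (as root, so every directory is readable) gives the system-wide list that a review of the chmod(C)-related privileges would start from.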

There are two levels of subsystem authorization: primary and secondary. Primary authorizations are given to administrators and are fully described in the System Administration Guide. However, they can be given to ordinary users as well. Some primary authorizations are:

allows you to use ps(C) to check the status of other users' processes, and ipcs(ADM) to report the status of interprocess communication. Without this authorization, you can only use these commands to report on processes belonging to you.

allows you to use write(C) to communicate with other users. If you use write without the authorization, any control codes and escape sequences in your message are converted to printable characters.

Other primary authorizations include audit, auth, backup, cron, lp, sysadmin, and root. (See authorize(F) for information on these authorizations.)
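The conversion that write(C) applies for unauthorized senders exists because raw control codes and escape sequences written to another user's terminal can drive that terminal (move the cursor, change colours, ring the bell). As an added example, not from the SCO documentation, the shell filter below does the same kind of substitution; the `?` placeholder is a choice made here, since the page does not say which printable form the system substitutes, and the sample message is constructed.

```shell
#!/bin/sh
# Added example, not part of the SCO OpenServer documentation.
# Replace every byte of a message that is not a printable character,
# newline or tab with '?' before it is shown on another user's terminal,
# mirroring what the page says write(C) does for unauthorized senders.

# Filter stdin to stdout.  The C locale makes [:print:] exactly the
# ASCII range 0x20-0x7E; '[?*]' repeats the placeholder for every byte
# in the complemented set.  '?' is a placeholder chosen for this example.
sanitize_message() {
    LC_ALL=C tr -c '[:print:]\n\t' '[?*]'
}

# Constructed sample: a greeting carrying an ANSI colour escape (ESC [ 31 m)
# and a bell character (BEL), as a sender might type them.
sample_message() {
    printf 'hello\033[31m there\a\n'
}

sample_message | sanitize_message
```

The escape byte and the bell are replaced, so the remaining `[31m` text is shown literally rather than interpreted by the receiving terminal.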

A secondary subsystem authorization allows you to use a subset of the commands of a subsystem as an ordinary user (that is, you are not given administrative privilege). Secondary authorizations are described below:

allows the use of the audit subsystem to monitor your own activities only. This can be useful for debugging programs, because the audit daemon generates a detailed record of system calls. For more information, see "Using the audit subsystem" in the System Administration Guide.

allows you to view other users' jobs on the print queue.

allows you to use enable(C) and disable(C) to change the status of printers.

allows you to use df(C) to query the amount of space available on the filesystems.

allows you to use su(C) to access another account (including root). Without this authorization, users can only access their own accounts.

Other secondary authorizations include passwd, create_backup, restore_backup, and shutdown.


© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003