Privileges and the filepriv command
NOTE:
If you modify in any way a file with privileges
associated with it,
those privileges are removed and you must re-set the privileges
with the
filepriv
command.
This precludes a malicious user replacing a privileged
program with another program that can then execute with those same
privileges.
Otherwise, a malicious user might somehow replace a command
possessing read privileges with their own program.
Executing that program would allow reading any file on the system.
Since the
privileges disappear when a file is modified, even if the user
could put their program in place, it would not run with privilege.
The
filepriv
command is used to:
-
display privilege information about a file
-
install new programs requiring privileges
-
change privileges on existing files
-
remove privileges on existing files
NOTE:
You must have the
setspriv
privilege when setting or deleting file privileges.
The following subsections explain how to perform
these tasks through examples.
Next topic:
Displaying privilege information
Previous topic:
Privilege initialization at system startup
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004