authorize(F)
authorize -- subsystem authorization file
Format
authorization:[secondary_authorization,...]
Description
The authorize file (/etc/auth/system/authorize) contains subsystem authorizations supported by the system. Each unique authorization must be defined in this file in order to be used by an application.
An authorization may specify optional secondary subsystem authorizations (secondary_authorization) that subdivide the facilities controlled by the primary authorization; having the primary authorization implies that its secondary authorizations are also in effect.
The list of supported subsystem authorizations can vary according to the system configuration. Subsystem authorizations can be added dynamically by editing authorize.
The following authorizations are supported:
audit - allows a user to perform audit subsystem administration; audit has the following default secondary authorization:
    audittrail - allows a user to view those portions of the audit trail generated by their own processes
auth - allows a user to perform authentication subsystem administration; auth has the following default secondary authorizations:
    passwd - allows a user to change the password of any account provided that account does not have the auth authorization
    su - allows a user to su to any account for which the password is known
backup - allows a user to perform backup subsystem administration; backup has the following default secondary authorizations:
    create_backup - allows a user to create backups
    queryspace - allows a user to use the df command
    restore - allows a user to restore from backups
cron - allows a user to act as cron subsystem administrator
lp - allows a user to act as line printer subsystem administrator; lp has the following default secondary authorizations:
    printerstat - allows a user to enable and disable printers
    printqueue - allows a user to list the jobs in the printer queue
mem - allows a user to view system process data for all processes
root - allows a user to run the asroot command; root has the following removable default secondary authorization:
    shutdown - allows a user to run the shutdown command via asroot
sysadmin - not currently used; included for backwards compatibility
terminal - allows a user to override message filtering when sending data to another user's terminal
uucp - not currently used; included for backwards compatibility
Examples
The following entry from authorize means that
users given lp authorization will
also have printqueue and printerstat
secondary authorization:
lp:printqueue,printerstat
Warning
Primary and secondary authorizations must
never be deleted from authorize as shipped;
authorizations may only be added to the base set. Note
that shutdown is the only exception and may
be removed if necessary.
Limitations
The total number of primary and secondary authorizations
specified must not exceed 32. This limit is imposed by the
current implementation.
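The following check is an added example, not part of the SCO documentation: it parses text in the authorization:[secondary_authorization,...] format and reports shipped entries that have been deleted and a total above 32. It assumes that blank lines are ignored, that the colon is always present, and that the limit counts distinct names; dbadmin, dbquery and dbload are hypothetical site-specific names.

```python
# Base set as listed on this man page: primary -> default secondaries.
SHIPPED = {
    "audit": {"audittrail"}, "auth": {"passwd", "su"},
    "backup": {"create_backup", "queryspace", "restore"}, "cron": set(),
    "lp": {"printerstat", "printqueue"}, "mem": set(), "root": {"shutdown"},
    "sysadmin": set(), "terminal": set(), "uucp": set(),
}
REMOVABLE = {"shutdown"}  # the one exception named under Warning
MAX_AUTHS = 32            # limit stated under Limitations

def parse_authorize(text):
    """Parse 'authorization:[secondary,...]' lines into ({primary: set}, errors)."""
    table, errors = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:  # assumption: blank lines are ignored
            continue
        primary, colon, rest = line.partition(":")
        if not colon or not primary.strip():
            errors.append(f"line {lineno}: not in authorization:[secondary,...] form")
            continue
        secs = {s.strip() for s in rest.split(",") if s.strip()}
        table.setdefault(primary.strip(), set()).update(secs)
    return table, errors

def audit_authorize(text):
    """Return a list of findings; an empty list means the file passes."""
    table, findings = parse_authorize(text)
    for primary, secs in SHIPPED.items():
        if primary not in table:
            findings.append(f"shipped primary '{primary}' deleted")
            continue
        for sec in sorted(secs - table[primary] - REMOVABLE):
            findings.append(f"shipped secondary '{sec}' deleted from '{primary}'")
    # Assumption: the limit counts distinct names, primary and secondary together.
    names = set(table) | {s for secs in table.values() for s in secs}
    if len(names) > MAX_AUTHS:
        findings.append(f"{len(names)} authorizations defined, limit is {MAX_AUTHS}")
    return findings

# Constructed sample: 'passwd' and 'shutdown' removed, one hypothetical entry added.
SAMPLE = (
    "audit:audittrail\nauth:su\nbackup:create_backup,queryspace,restore\n"
    "cron:\nlp:printqueue,printerstat\nmem:\nroot:\nsysadmin:\n"
    "terminal:\nuucp:\ndbadmin:dbquery,dbload\n"
)

if __name__ == "__main__":
    for finding in audit_authorize(SAMPLE):
        print(finding)
```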
Files
/etc/auth/system/authorize - subsystem authorizations database
See also
asroot(ADM), cron(C), df(C), shutdown(ADM), su(C), subsystem(M)
Standards conformance
authorize is not part of any currently supported
standard; it is an extension of AT&T System V provided by
The Santa Cruz Operation, Inc.
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005