CLEARANCE(4)							  CLEARANCE(4)


NAME

     clearance - user clearance label information file

DESCRIPTION

     The /etc/clearance file contains the following information for each user:

     name      User's login name - contains no upper case characters and must
               not be greater than eight characters long.  The name must be
               unique.

     default security label
               It is used as the default label when the user doesn't specify
               the label at login time.  If this field doesn't exist the user
               will be forced to enter their security label.  This field
               cannot be a label range.  This label must lie within the range
               of the security clearance label field.

     security clearance label
               Security clearance range or range(s) can be defined.

     An entry beginning with # is ignored as a comment.  The clearance file is
     an ASCII character file.  Each field within an entry is separated from
     the next field by a colon.  Each user entry is separated from the next by
     a new-line.

     The name field is the key between the clearance(4) and the passwd(4)
     files, so both files need to have entries to validate users.

     The default security label field is the label at which the user of the
     account will log in if they don't choose a security label when prompted
     during the login process.  If the default security label field is null,
     the user must then explicitly enter a security label that is a valid
     label in the security clearance label field before being allowed to log
     in.  A security range is not permitted in the default label field.

     If the security clearance label field is null, that user will have an
     invalid label.  A user with an invalid label will not be allowed to log
     in.  If any incorrectly formed security label is detected in the security
     clearance label field the whole field is considered invalid.  Multiple
     security clearance(s) can be declared within the security clearance
     field.  The syntax for defining multiple security clearance(s) is that a
     blank space separates the security clearance(s) and three (3) periods
     ("...") defines a security range.  For example, "dblow...dbadmin" is a
     security range with the lowest label on the right and the highest label
     on the left.  A single security clearance range can be denoted by using
     the security label "userlow" or "userlow...userlow".  Single label
     security clearance(s) and security clearance range(s) can be mixed.

     Because of the security label information, access to this file is
     restricted to trusted programs.

EXAMPLES

     Here is an example /etc/clearance file:

          Betty:adminlabel midlabel...highlabel lowlabel
          Bubba:lowlabel midlabel adminlabel
          Bubbles:lowlabel...midlabel highlabel...adminlabel

     Betty is cleared for lowlabel, the label range from midlabel
     to highlabel, and adminlabel.  Bubba is cleared for lowlabel,
     midlabel and adminlabel only (notice no clearance ranges).
     Bubbles is cleared for the security ranges between lowlabel
     to midlabel and highlabel to adminlabel.

          duck:userlow:userlow dblow...dblow
          bill:userlow dblow...dbadmin

     In this example, there are specific entries for users duck
     and bill.  Duck has a security default label of "userlow"
     which must be a valid label in the clearance field and
     has the ability to login with a security label of "dblow".

     Note: "dblow...dblow" is equal to "dblow" since a single
     security label is really a security range that only spans
     one security label.

     The bill account has not specified a default security label
     which means that the account bill must explicitly specify
     the security label that they wish to login at.
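
     The field rules above, as an added example that is not part of the
     original man page: a Python lint for clearance-format text.  It assumes
     a two-field entry has no default label (as in the page's bill entry),
     treats a range token with an empty endpoint or more than one "..." as
     incorrectly formed, and checks the default label by name only, since
     range containment depends on the system's label definitions.

```python
# Assumptions: a two-field line has no default label; a range token with an
# empty endpoint or more than one "..." is treated as incorrectly formed.
def parse_clearance_field(field):
    """Return [(low, high), ...], or None when the whole field is invalid."""
    tokens = field.split()            # blank space separates clearances
    if not tokens:
        return None                   # null field: user cannot log in
    ranges = []
    for tok in tokens:
        parts = tok.split("...")      # three periods define a range
        if len(parts) > 2 or "" in parts:
            return None               # one bad label invalidates the field
        ranges.append((parts[0], parts[-1]))  # single label = one-label range
    return ranges

def lint_clearance(text):
    """Return (entries, problems); problems are (line_number, message) pairs."""
    entries, problems = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue                  # blank line or comment entry
        fields = line.split(":")
        if len(fields) not in (2, 3):
            problems.append((lineno, "wrong field count"))
            continue
        name = fields[0]
        default = fields[1].strip() if len(fields) == 3 else ""
        ranges = parse_clearance_field(fields[-1])
        if len(name) > 8 or name != name.lower():
            problems.append((lineno, "bad login name"))
        if name in entries:
            problems.append((lineno, "duplicate login name"))
        if ranges is None:
            problems.append((lineno, "invalid clearance field, login refused"))
        if "..." in default:
            problems.append((lineno, "default label is a range"))
        elif default and ranges and not any(default in r for r in ranges):
            problems.append((lineno, "default not named in clearance field"))
        entries[name] = {"default": default or None, "clearance": ranges}
    return entries, problems

SAMPLE = """# constructed sample; the duck, bill and Betty lines are the page's
duck:userlow:userlow dblow...dblow
bill:userlow dblow...dbadmin
Betty:adminlabel midlabel...highlabel lowlabel
carol:dblow...dbadmin:dblow...dbadmin
dave:userlow:
erin:userlow:userlow dblow...
"""
```

     Calling lint_clearance(SAMPLE) reports the Betty, carol, dave and erin
     lines and accepts duck and bill.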

FILES

     /etc/clearance

SEE ALSO

     a64l(3C), crypt(3), fgetpwent(3), getuserinfoent(3), group(4), login(1),
     mac_cleared(3C), netgroup(4) and passwd(4).

