1 '\" te 2 .\" Copyright (c) 2003, Sun Microsystems, Inc. All Rights Reserved 3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. 4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. 5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] 6 .TH PFEXEC 1 "Mar 3, 2003" 7 .SH NAME 8 pfexec, pfsh, pfcsh, pfksh \- execute a command in a profile 9 .SH SYNOPSIS 10 .LP 11 .nf 12 \fB/usr/bin/pfexec\fR \fIcommand\fR 13 .fi 14 15 .LP 16 .nf 17 \fB/usr/bin/pfexec\fR \fB-P\fR \fIprivspec\fR \fIcommand\fR [ \fIarg\fR ]... 18 .fi 19 20 .LP 21 .nf 22 \fB/usr/bin/pfsh\fR [ \fIoptions\fR ] [ \fIargument\fR ]... 23 .fi 24 25 .LP 26 .nf 27 \fB/usr/bin/pfcsh\fR [ \fIoptions\fR ] [ \fIargument\fR ]... 28 .fi 29 30 .LP 31 .nf 32 \fB/usr/bin/pfksh\fR [ \fIoptions\fR ] [ \fIargument\fR ]... 33 .fi 34 35 .SH DESCRIPTION 36 .sp 37 .LP 38 The \fBpfexec\fR program is used to execute commands with the attributes 39 specified by the user's profiles in the \fBexec_attr\fR(4) database. It is 40 invoked by the profile shells, \fBpfsh\fR, \fBpfcsh\fR, and \fBpfksh\fR which 41 are linked to the Bourne shell, C shell, and Korn shell, respectively. 42 .sp 43 .LP 44 Profiles are searched in the order specified in the user's entry in the 45 \fBuser_attr\fR(4) database. If the same command appears in more than one 46 profile, the profile shell uses the first matching entry. 47 .sp 48 .LP 49 The second form, \fBpfexec\fR \fB-P\fR \fIprivspec\fR, allows a user to obtain 50 the additional privileges awarded to the user's profiles in \fBprof_attr\fR(4). 51 The privileges specification on the commands line is parsed using 52 \fBpriv_str_to_set\fR(3C). The resulting privileges are intersected with the 53 union of the privileges specified using the "\fBprivs\fR" keyword in 54 \fBprof_attr\fR(4) for all the user's profiles and added to the inheritable set 55 before executing the command. 56 .sp 57 .LP 58 For \fBpfexec\fR to function correctly, the \fBpfexecd\fR daemon must be running 59 in the current zone. This is normally managed by the 60 "\fBsvc:/system/pfexec:default\fR" SMF service (see \fBsmf\fR(5)). 61 .SH USAGE 62 .sp 63 .LP 64 \fBpfexec\fR is used to execute commands with predefined process attributes, 65 such as specific user or group \fBID\fRs. 66 .sp 67 .LP 68 Refer to the \fBsh\fR(1), \fBcsh\fR(1), and \fBksh\fR(1) man pages for complete 69 usage descriptions of the profile shells. 70 .SH EXAMPLES 71 .LP 72 \fBExample 1 \fRObtaining additional user privileges 73 .sp 74 .in +2 75 .nf 76 example% \fBpfexec -P all chown user file\fR 77 .fi 78 .in -2 79 .sp 80 81 .sp 82 .LP 83 This command runs \fBchown user file\fR with all privileges assigned to the 84 current user, not necessarily all privileges. 85 86 .SH EXIT STATUS 87 .sp 88 .LP 89 The following exit values are returned: 90 .sp 91 .ne 2 92 .na 93 \fB\fB0\fR \fR 94 .ad 95 .RS 6n 96 Successful completion. 97 .RE 98 99 .sp 100 .ne 2 101 .na 102 \fB\fB1\fR \fR 103 .ad 104 .RS 6n 105 An error occurred. 106 .RE 107 108 .SH SEE ALSO 109 .sp 110 .LP 111 \fBcsh\fR(1), \fBksh\fR(1), \fBprofiles\fR(1), \fBsh\fR(1), \fBexec_attr\fR(4), 112 \fBprof_attr\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5), \fBsmf\fR(5)