io-lx-public Wdiff usr/src/man/man1/pfexec.1

Print this page

OS-5440 pfexec and the case of the missing error message
Reviewed by: Joshua M. Clulow <jmc@joyent.com>
Reviewed by: Patrick Mooney <patrick.mooney@joyent.com>

Split	Close
Expand all
Collapse all

          --- old/usr/src/man/man1/pfexec.1.man.txt
          +++ new/usr/src/man/man1/pfexec.1.man.txt

   1    1  PFEXEC(1)                        User Commands                       PFEXEC(1)
   2    2  
   3    3  
   4    4  
   5    5  NAME
   6    6         pfexec, pfsh, pfcsh, pfksh - execute a command in a profile
   7    7  
   8    8  SYNOPSIS
   9    9         /usr/bin/pfexec command
  10   10  
  11   11  
  12   12         /usr/bin/pfexec -P privspec command [ arg ]...
  13   13  
  14   14  
  15   15         /usr/bin/pfsh [ options ] [ argument ]...
  16   16  
  17   17  
  18   18         /usr/bin/pfcsh [ options ] [ argument ]...
  19   19  
  20   20  
  21   21         /usr/bin/pfksh [ options ] [ argument ]...
  22   22  
  23   23  
  24   24  DESCRIPTION
  25   25         The pfexec program is used to execute commands with the attributes
  26   26         specified by the user's profiles in the exec_attr(4) database. It is
  27   27         invoked by the profile shells, pfsh, pfcsh, and pfksh which are linked
  28   28         to the Bourne shell, C shell, and Korn shell, respectively.
  29   29  
  30   30  
  31   31         Profiles are searched in the order specified in the user's entry in the
  32   32         user_attr(4) database. If the same command appears in more than one
  33   33         profile, the profile shell uses the first matching entry.

↓ open down ↓

33 lines elided

↑ open up ↑

  34   34  
  35   35  
  36   36         The second form, pfexec -P privspec, allows a user to obtain the
  37   37         additional privileges awarded to the user's profiles in prof_attr(4).
  38   38         The privileges specification on the commands line is parsed using
  39   39         priv_str_to_set(3C). The resulting privileges are intersected with the
  40   40         union of the privileges specified using the "privs" keyword in
  41   41         prof_attr(4) for all the user's profiles and added to the inheritable
  42   42         set before executing the command.
  43   43  
       44 +
       45 +       For pfexec to function correctly, the pfexecd daemon must be running in
       46 +       the current zone. This is normally managed by the
       47 +       "svc:/system/pfexec:default" SMF service (see smf(5)).
       48 +
  44   49  USAGE
  45   50         pfexec is used to execute commands with predefined process attributes,
  46   51         such as specific user or group IDs.
  47   52  
  48   53  
  49   54         Refer to the sh(1), csh(1), and ksh(1) man pages for complete usage
  50   55         descriptions of the profile shells.
  51   56  
  52   57  EXAMPLES
  53   58         Example 1 Obtaining additional user privileges

  54   59  
  55   60           example% pfexec -P all chown user file
  56   61  
  57   62  
  58   63  
  59   64  
  60   65         This command runs chown user file with all privileges assigned to the
  61   66         current user, not necessarily all privileges.
  62   67  
  63   68  
  64   69  EXIT STATUS
  65   70         The following exit values are returned:
  66   71

↓ open down ↓

13 lines elided

↑ open up ↑

  67   72         0
  68   73               Successful completion.
  69   74  
  70   75  
  71   76         1
  72   77               An error occurred.
  73   78  
  74   79  
  75   80  SEE ALSO
  76   81         csh(1), ksh(1), profiles(1), sh(1), exec_attr(4), prof_attr(4),
  77      -       user_attr(4), attributes(5)
       82 +       user_attr(4), attributes(5), smf(5)
  78   83  
  79   84  
  80   85  
  81   86                                   March 3, 2003                       PFEXEC(1)

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX