Adding a command to the privileged command database

Consider carefully before adding a command to the privileged command database, to ensure that the proper authorizations and privileges are assigned to it.

See the /etc/security/privcmds file for a full description of the attributes that are valid for a command. The following questions can be used as a guide to determine the entry required for a command:
  1. Should an authorization control access to run the command?
    YES
    If the authorization does not exist, create it with the mkauth command. Specify the authorization in the accessauths attribute.
    NO
    If all users should be allowed to run the command, specify the ALLOW_ALL authorization in the accessauths attribute.
  2. Should the owner or group of the command be allowed to run the command even if they do not have the proper authorization?
    YES
    Add the ALLOW_OWNER or ALLOW_GROUP authorization to the list of authorizations in the accessauths attribute.
  3. When the command is executed, does it require an explicit set of privileges?
    YES
    Run the command with various options, as the root user, under the tracepriv command to determine the privileges required for the innateprivs attribute.
  4. Should users with a specific authorization be granted additional privileges?
    YES
    Specify the additional authorization-privilege pairs in the authprivs attribute.
  5. Does the command need to behave like a SUID or SGID program?
    YES
    Specify the EUID or EGID as appropriate.
  6. Do privileges assigned to the command need to be passed on to child processes?
    YES
    Specify the privileges in the inheritprivs attribute.
  7. Should the effective privilege set of the command be equal to the maximum privilege set at the time the command is invoked?
    YES
    Specify the FSF_EPS flag for the secflags attribute.
    NO
    Do not specify the secflags attribute. The command code is expected to raise and lower its privileges as required when the FSF_EPS flag is not specified.
  8. Does the command need to run with the special real user ID 0?
    YES
    Specify the RUID attribute.
  9. Is the command highly critical, requiring controlled execution and the presence of more than one person before it can be invoked?
    YES
    Specify the authroles attribute and assign the value with a list of roles. Users of each role will have to be authenticated before the command can be executed.

After answering these questions, run the setsecattr command with the appropriate parameters to add the command to the database. If the command is an existing SUID or SGID command, consider removing the SUID and SGID bits from the file so that the least-privilege model is enforced.
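The following POSIX shell script is an added example, not part of the original documentation: it reads a privcmds-style stanza (a constructed sample for a hypothetical /opt/example/bin/netsnap command and a hypothetical aix.example.netsnap authorization), reports which of the nine questions above each attribute answers, and prints the setsecattr invocation that would load the stanza (the `setsecattr -c attr=value ... command` syntax is assumed from the text, not verified here).

```sh
#!/bin/sh
# Constructed sample stanza in /etc/security/privcmds syntax (hypothetical command and authorization).
SAMPLE='/opt/example/bin/netsnap:
        accessauths = aix.example.netsnap
        innateprivs = PV_NET_CNTL,PV_NET_PORT
        inheritprivs =
        secflags = FSF_EPS
        euid = 0
'

# attr STANZA NAME -> value of NAME in the stanza, empty if the attribute is absent or blank
attr() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p"
}

# review_stanza STANZA -> one finding per line, keyed to the questions Q1..Q9 in the text
review_stanza() {
    stanza=$1
    auths=$(attr "$stanza" accessauths)
    if [ -z "$auths" ]; then echo "Q1: no accessauths - no user can run the command through RBAC"
    else
        case ",$auths," in
            *,ALLOW_ALL,*) echo "Q1: ALLOW_ALL - every user may run the command";;
            *)             echo "Q1: access gated by authorization(s): $auths";;
        esac
    fi
    case ",$auths," in *,ALLOW_OWNER,*|*,ALLOW_GROUP,*) echo "Q2: owner/group may bypass the authorization";; esac
    [ -n "$(attr "$stanza" innateprivs)" ] && echo "Q3: innateprivs set - confirm the list with tracepriv"
    [ -n "$(attr "$stanza" authprivs)" ] && echo "Q4: authprivs grants extra privileges to holders of an authorization"
    [ -n "$(attr "$stanza" euid)$(attr "$stanza" egid)" ] && echo "Q5: SUID/SGID-like behaviour via euid/egid"
    [ -n "$(attr "$stanza" inheritprivs)" ] && echo "Q6: privileges are passed on to child processes"
    if [ "$(attr "$stanza" secflags)" = "FSF_EPS" ]; then echo "Q7: FSF_EPS - effective set equals maximum set at exec"
    else echo "Q7: no FSF_EPS - the program must raise and lower privileges itself"; fi
    [ "$(attr "$stanza" ruid)" = "0" ] && echo "Q8: runs with real user ID 0"
    [ -n "$(attr "$stanza" authroles)" ] && echo "Q9: authroles - more than one authenticated role required"
    return 0
}

# setsecattr_cmd STANZA -> the setsecattr command line that would load the stanza (assumed syntax);
# blank attributes are dropped because they add nothing to the entry
setsecattr_cmd() {
    cmd=$(printf '%s\n' "$1" | sed -n '1s/:$//p')
    args=$(printf '%s\n' "$1" | sed -n 's/^[[:space:]]*\([a-z]*\)[[:space:]]*=[[:space:]]*\(.*\)$/\1=\2/p' \
           | grep -v '=$' | tr '\n' ' ')
    printf 'setsecattr -c %s%s\n' "$args" "$cmd"
}

review_stanza "$SAMPLE"
setsecattr_cmd "$SAMPLE"
```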