login_class(3)
NAME
setclasscontext, setclassenvironment, setclassresources, setusercontext - functions for using the login class capabilities database
LIBRARY
System Utilities Library (libutil, -lutil)
SYNOPSIS
#include <sys/types.h>
#include <login_cap.h>

int setclasscontext(const char *classname, unsigned int flags);

int setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned int flags);

void setclassresources(login_cap_t *lc);

void setclassenvironment(login_cap_t *lc, const struct passwd *pwd, int paths);
DESCRIPTION
These functions provide a higher level interface to the login class database than those documented in login_cap(3). These functions are used to set resource limits, environment and accounting settings for users on logging into the system and when selecting an appropriate set of environment and resource settings for system daemons based on login classes.

These functions may only be called if the current process is running with root privileges. If the LOGIN_SETLOGIN flag is used this function calls setlogin(2), and due care must be taken as detailed in the manual page for that function, since this affects all processes running in the same session and not just the current process.

The setclasscontext() function sets various class context values (resource limits, umask and process priorities) based on values for a specific named class.

The setusercontext() function sets class context values based on a given login_cap_t object and a specific passwd record (if login_cap_t is NULL), the current session's login, and the current process user and group ownership. Each of these actions is selectable via bit-flags passed in the flags parameter, which is comprised of one or more of the following:

LOGIN_SETLOGIN
    Set the login associated with the current session to the user specified in the passwd structure using setlogin(2). The pwd parameter must not be NULL if this option is used.

LOGIN_SETUSER
    Set ownership of the current process to the uid specified in the uid parameter using setuid(2).

LOGIN_SETGROUP
    Set group ownership of the current process to the group id specified in the passwd structure using setgid(2), and calls initgroups(3) to set up the group access list for the current process. The pwd parameter must not be NULL if this option is used.

LOGIN_SETRESOURCES
    Set resource limits for the current process based on values specified in the system login class database. Class capability tags used, with and without -cur (soft limit) or -max (hard limit) suffixes and the corresponding resource setting:

    cputime         RLIMIT_CPU
    filesize        RLIMIT_FSIZE
    datasize        RLIMIT_DATA
    stacksize       RLIMIT_STACK
    coredumpsize    RLIMIT_CORE
    memoryuse       RLIMIT_RSS
    memorylocked    RLIMIT_MEMLOCK
    maxproc         RLIMIT_NPROC
    openfiles       RLIMIT_NOFILE
    sbsize          RLIMIT_SBSIZE
    vmemoryuse      RLIMIT_VMEM

LOGIN_SETPRIORITY
    Set the scheduling priority for the current process based on the value specified in the system login class database. Class capability tags used:

    priority

LOGIN_SETUMASK
    Set the umask for the current process to a value in the user or system login class database. Class capability tags used:

    umask

LOGIN_SETPATH
    Set the "path" and "manpath" environment variables based on values in the user or system login class database. Class capability tags used with the corresponding environment variables set:

    path            PATH
    manpath         MANPATH

LOGIN_SETENV
    Set various environment variables based on values in the user or system login class database. Class capability tags used with the corresponding environment variables set:

    lang            LANG
    charset         MM_CHARSET
    timezone        TZ
    term            TERM

    Additional environment variables may be set using the list type capability "setenv=var1 val1,var2 val2..,varN valN".

LOGIN_SETMAC
    Set the MAC label for the current process to the label specified in system login class database.

LOGIN_SETALL
    Enables all of the above settings.

Note that when setting environment variables and a valid passwd pointer is provided in the pwd parameter, the characters `~' and `$' are substituted for the user's home directory and login name respectively.

The setclassresources() and setclassenvironment() functions are subsets of the setcontext functions above, but may be useful in isolation.
RETURN VALUES
The setclasscontext() and setusercontext() functions return -1 if an error occurred, or 0 on success. If an error occurs when attempting to set the user, login, group or resources, a message is reported to syslog(3), with LOG_ERR priority and directed to the currently active facility.
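
The following added example (not part of the original manual page) shows a root daemon dropping to an unprivileged account with setusercontext(), checking the return value described above, and confirming that the drop cannot be undone. The name drop_to_user() is hypothetical; login_getpwclass() and login_close() come from login_cap(3); the __has_include guard is an assumption made so the file also compiles where <login_cap.h> is absent, in which case the function fails with ENOSYS.

```c
/* Added example: drop a root daemon to an unprivileged account. */
#include <sys/types.h>
#include <errno.h>
#include <pwd.h>
#include <unistd.h>
#if defined(__has_include)
#if __has_include(<login_cap.h>)
#include <login_cap.h>	/* BSD libutil; link with -lutil */
#define HAVE_LOGIN_CAP 1
#endif
#endif

/*
 * drop_to_user() is a hypothetical helper. Returns 0 once the process
 * runs as `user` under that user's login class settings, -1 otherwise.
 * A caller that gets -1 must exit, not continue running as root.
 */
int
drop_to_user(const char *user)
{
	struct passwd *pw;

	if (geteuid() != 0) {		/* root privileges are required */
		errno = EPERM;
		return (-1);
	}
	if ((pw = getpwnam(user)) == NULL) {
		errno = ENOENT;
		return (-1);
	}
#ifdef HAVE_LOGIN_CAP
	login_cap_t *lc = login_getpwclass(pw);	/* from login_cap(3) */
	/* All settings except LOGIN_SETLOGIN, which changes the whole session. */
	unsigned int flags = LOGIN_SETALL & ~LOGIN_SETLOGIN;
	int rc = setusercontext(lc, pw, pw->pw_uid, flags);
	login_close(lc);
	if (rc != 0)
		return (-1);
	/* Verify the drop took effect and cannot be undone (also rejects uid 0). */
	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid || setuid(0) == 0) {
		errno = EPERM;
		return (-1);
	}
	return (0);
#else
	errno = ENOSYS;	/* no login class database on this system */
	return (-1);
#endif
}
```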
SEE ALSO
setgid(2), setlogin(2), setuid(2), getcap(3), initgroups(3), login_cap(3), mac_set_proc(3), login.conf(5), termcap(5)

BSD December 28, 1996