pfexec

, pfbash

, pfcsh

, pfksh

, pfsh

, pftcsh

, pfzsh

- execute a command in a profile

Synopsis

/usr/bin/pfexec command

/usr/bin/pfexec -P privspec command [ arg ]...

/usr/bin/pfsh [ options ] [ argument ]...

/usr/bin/pfcsh [ options ] [ argument ]...

/usr/bin/pfksh [ options ] [ argument ]...

Description

The pfexec program sets the PRIV_PFEXEC process flag and marks the current process as a profile shell. It then executes the specified command. The kernel queries the exec_attr(4) database and executes with the appropriate attributes.

Profiles are searched in the order specified in the user's entry in the user_attr(4) database. If the same command appears in more than one profile, the profile shell uses the first matching entry.

The second form, pfexec -P privspec, allows a user to obtain the additional privileges awarded to the user's profiles in prof_attr(4). The privileges specification on the commands line is parsed using priv_str_to_set(3C). The resulting privileges are intersected with the union of the privileges specified using the privs keyword in prof_attr(4) for all the user's profiles and added to the inheritable set before executing the command.

Usage

pfexec is used to execute commands with predefined process attributes, such as specific user or group IDs.

Refer to the sh(1), csh(1), and ksh(1) man pages for complete usage descriptions of the profile shells.

Examples

Example 1 Obtaining additional user privileges

example% pfexec -P all chown user file

This command runs chown user file with all privileges assigned to the current user, not necessarily all privileges.

Exit Status

The following exit values are returned:

0

Successful completion.

1

An error occurred.

Attributes

See attributes(5) for descriptions of the following attributes:

See Also

bash(1), csh(1), ksh(1), ksh88(1), profiles(1), sh(1), tcsh(1), zsh(1), exec_attr(4), prof_attr(4), user_attr(4), attributes(5)