.\" Copyright (c) 1995 David Nugent <davidn@blaze.net.au>
.\" All rights reserved.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, is permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice immediately at the beginning of the file, without modification,
.\" this list of conditions, and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. This work was done expressly for inclusion into FreeBSD. Other use
.\" is permitted provided this notation is included.
.\" 4. Absolutely no warranty of function or purpose is made by the author
.\" 5. Modifications may be freely made to this file providing the above
.\" conditions are met.
.Nm setclassenvironment ,
.Nm setclassresources ,
.Nd "functions for using the login class capabilities database"
.Fn setclasscontext "const char *classname" "unsigned int flags"
.Fn setclasscpumask "login_cap_t *lc"
.Fn setclassenvironment "login_cap_t *lc" "const struct passwd *pwd" "int paths"
.Fn setclassresources "login_cap_t *lc"
.Fn setusercontext "login_cap_t *lc" "const struct passwd *pwd" "uid_t uid" "unsigned int flags"
These functions provide a higher level interface to the login class
database than those documented in
These functions are used to set resource limits, environment and
accounting settings for users on logging into the system and when
selecting an appropriate set of environment and resource settings
for system daemons based on login classes.
These functions may only be called if the current process is
running with root privileges.
If the LOGIN_SETLOGIN flag is used this function calls
and due care must be taken as detailed in the manpage for that
function and this affects all processes running in the same session
and not just the current process.
function sets various class context values (resource limits, umask and
process priorities) based on values for a specific named class.
function sets class context values based on a given login_cap_t
object and a specific passwd record (if login_cap_t is NULL),
the current session's login, and the current process
user and group ownership.
Each of these actions is selectable via bit-flags passed
parameter, which is comprised of one or more of the following:
.Bl -tag -width LOGIN_SETLOGINCLASS
Set the login associated with the current session to the user
specified in the passwd structure using
parameter must not be NULL if this option is used.
Set ownership of the current process to the uid specified in the
Set group ownership of the current process to the group id
specified in the passwd structure using
to set up the group access list for the current process.
parameter must not be NULL if this option is used.
.It LOGIN_SETRESOURCES
Set resource limits for the current process based on values
specified in the system login class database.
Class capability tags used, with and without -cur (soft limit)
or -max (hard limit) suffixes and the corresponding resource
filesize RLIMIT_FSIZE
stacksize RLIMIT_STACK
coredumpsize RLIMIT_CORE
memorylocked RLIMIT_MEMLOCK
openfiles RLIMIT_NOFILE
vmemoryuse RLIMIT_VMEM
pseudoterminals RLIMIT_NPTS
.It LOGIN_SETPRIORITY
Set the scheduling priority for the current process based on the
value specified in the system login class database.
Class capability tags used:
Set the umask for the current process to a value in the user or
system login class database.
Class capability tags used:
Set the "path" and "manpath" environment variables based on values
in the user or system login class database.
Class capability tags used with the corresponding environment
Set various environment variables based on values in the user or
system login class database.
Class capability tags used with the corresponding environment
Additional environment variables may be set using the list type
capability "setenv=var1 val1,var2 val2..,varN valN".
Set the MAC label for the current process to the label specified
in the system login class database.
and set the cpu affinity to the specified mask.
The string may contain a comma separated list of numbers and/or number
ranges as handled by the
utility or the case-insensitive string
no action will be taken.
.It LOGIN_SETLOGINCLASS
Set the login class of the current process using
.Xr setloginclass 2 .
Enables all of the above settings.
Note that when setting environment variables and a valid passwd
pointer is provided in the
parameter, the characters
are substituted for the user's home directory and login name
.Fn setclasscpumask ,
.Fn setclassresources
.Fn setclassenvironment
functions are subsets of the setcontext functions above, but may
be useful in isolation.
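An added example, not part of the original manual page and not libutil code: the C code below applies one capability tag of the kind listed under LOGIN_SETRESOURCES to the current process with setrlimit(2), honouring the -cur and -max suffixes.
The helper name apply_class_limit is hypothetical, only the portable tags from the list above are covered, and a tag without a suffix is assumed to set both the soft and the hard limit.

```c
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>

/* Portable subset of the tag/resource pairs listed on this page. */
static const struct { const char *tag; int res; } class_limits[] = {
    { "filesize", RLIMIT_FSIZE }, { "stacksize", RLIMIT_STACK },
    { "coredumpsize", RLIMIT_CORE }, { "memorylocked", RLIMIT_MEMLOCK },
    { "openfiles", RLIMIT_NOFILE },
};

/*
 * Hypothetical helper (not a libutil function): apply one capability such
 * as "openfiles-cur" to the current process.  Assumption: no suffix sets
 * both limits.  Returns 0 on success, -1 on an unknown tag or syscall error.
 */
int
apply_class_limit(const char *cap, rlim_t value)
{
    size_t i, n = strlen(cap);
    int soft = 1, hard = 1;
    struct rlimit rl;

    if (n > 4 && strcmp(cap + n - 4, "-cur") == 0) {
        hard = 0; n -= 4;               /* soft limit only */
    } else if (n > 4 && strcmp(cap + n - 4, "-max") == 0) {
        soft = 0; n -= 4;               /* hard limit only */
    }
    for (i = 0; i < sizeof(class_limits) / sizeof(class_limits[0]); i++) {
        const char *tag = class_limits[i].tag;
        if (strlen(tag) != n || strncmp(tag, cap, n) != 0)
            continue;
        if (getrlimit(class_limits[i].res, &rl) == -1)
            return (-1);
        if (hard)
            rl.rlim_max = value;
        if (soft)
            rl.rlim_cur = value;
        /* Lowering only the hard limit must pull the soft limit down too. */
        if (!soft && rl.rlim_cur > rl.rlim_max)
            rl.rlim_cur = rl.rlim_max;
        return (setrlimit(class_limits[i].res, &rl));
    }
    return (-1);                        /* tag not in the table */
}

int main(void)
{
    /* Constructed input: the effect a "coredumpsize=0" class entry asks for. */
    printf("coredumpsize -> %d\n", apply_class_limit("coredumpsize", 0));
    return (0);
}
```

An unprivileged process cannot raise a hard limit again once it has been lowered, so a failed call after a partial change leaves the tighter limit in place.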
functions return -1 if an error occurred, or 0 on success.
If an error occurs when attempting to set the user, login, group
or resources, a message is reported to
with LOG_ERR priority and directed to the currently active facility.
.Xr setloginclass 2 ,