Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

PRIVMAN(7)			 Miscellaneous			    PRIVMAN(7)

NAME
       Privman - A library for privilege separation.

DESCRIPTION
       Privman	is  a library that makes it easy for programs to use privilege
       separation, a technique that prevents the leak or misuse	 of  privilege
       from  applications that must run with some elevated permissions.	 Priv‐
       man-managed processes can implement fine grained control of root privi‐
       lege on common Unix-based operating systems.

       Applications  that  use	the Privman library split into two halves, the
       half that performs valid privileged operations, and the half that  con‐
       tains  the application's logic. The Privman library simplifies the oth‐
       erwise complex task of separating the applications, protecting the sys‐
       tem from compromise if an error in the applications logic is found.

       The library uses configuration files ( privman_conf(5) ) to allow fine-
       grained access control decisions for the privileged operations,	limit‐
       ing  exposure in the event of an attack against the application. If the
       applications is compromised, the attacker gains only the privileges  of
       an unprivileged user, and the specific privileges granted to the appli‐
       cation by the application's Privman configuration file.

FILES
       ${prefix}/etc/privman.d/*
	      Applications specific configuration files.  See  privman_conf(5)
	      for further details.

       ${prefix}/include/privman.h
	      The include file for the library.

       ${exec_prefix}/lib/libprivman.so
	      The  library  itself.  On	 most  systems,	 you will need to link
	      against libpam and libpam_misc in addition to libprivman

OVERVIEW
       A  Privman  managed  program  will  generally  start  with  a  call  to
       priv_init(3).   priv_init()  splits  the	 process: the still-privileged
       parent listens to a pipe for requests, the child	 drops	privilege  and
       and returns from priv_init().

       After  priv_init(),  continue  normally. When you need to invoke privi‐
       leged operation "foo()", use "priv_foo()" instead. For example, if  you
       want  your  server  to bind to a low port, you would pass the socket to
       priv_bind(3) instead of bind(2).

BUGS
       The API may seem a bit complex.

       There is no permission checking on the chroot jail for either execve or
       rerunas.

TODO
       priv_fdreopen().

AUTHOR
       Network Associates. Send email to <privman@nailabs.com>

SEE ALSO
       priv_bind(3)  priv_daemon(3)  priv_execve(3) priv_fopen(3) priv_fork(3)
       priv_init(3) privman_conf(5) priv_open(3) priv_pam(3) priv_rerunas(3)

Unix				SEPTEMBER 2002			    PRIVMAN(7)

Vote for polarhome