.\" Copyright (c) 1995 David Nugent <davidn@blaze.net.au>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, is permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice immediately at the beginning of the file, without modification,
.\"    this list of conditions, and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. This work was done expressly for inclusion into FreeBSD.  Other use
.\"    is permitted provided this notation is included.
.\" 4. Absolutely no warranty of function or purpose is made by the author
.\"    David Nugent.
.\" 5. Modifications may be freely made to this file providing the above
.\"    conditions are met.
.\"
.Dd May 10, 2020
.Dt LOGIN_CLASS 3
.Os
.Sh NAME
.Nm setclasscontext ,
.Nm setclasscpumask ,
.Nm setclassenvironment ,
.Nm setclassresources ,
.Nm setusercontext
.Nd "functions for using the login class capabilities database"
.Sh LIBRARY
.Lb libutil
.Sh SYNOPSIS
.In sys/types.h
.In login_cap.h
.Ft int
.Fn setclasscontext "const char *classname" "unsigned int flags"
.Ft void
.Fn setclasscpumask "login_cap_t *lc"
.Ft void
.Fn setclassenvironment "login_cap_t *lc" "const struct passwd *pwd" "int paths"
.Ft void
.Fn setclassresources "login_cap_t *lc"
.Ft int
.Fn setusercontext "login_cap_t *lc" "const struct passwd *pwd" "uid_t uid" "unsigned int flags"
.Sh DESCRIPTION
These functions provide a higher level interface to the login class
database than those documented in
.Xr login_cap 3 .
These functions are used to set resource limits, environment and
accounting settings for users on logging into the system and when
selecting an appropriate set of environment and resource settings
for system daemons based on login classes.
These functions may only be called if the current process is
running with root privileges.
If the LOGIN_SETLOGIN flag is used, the function calls
.Xr setlogin 2 .
Due care must be taken, as detailed in the manual page for that
function, because this affects all processes running in the same
session and not just the current process.
.Pp
The
.Fn setclasscontext
function sets various class context values (resource limits, umask and
process priorities) based on values for a specific named class.
.Pp
The
.Fn setusercontext
function sets class context values based on a given login_cap_t
object, or on a specific passwd record if the login_cap_t is NULL,
and also sets the current session's login and the current process
user and group ownership.
Each of these actions is selectable via bit-flags passed
in the
.Ar flags
parameter, which consists of one or more of the following:
.Bl -tag -width LOGIN_SETLOGINCLASS
.It LOGIN_SETLOGIN
Set the login associated with the current session to the user
specified in the passwd structure using
.Xr setlogin 2 .
The
.Ar pwd
parameter must not be NULL if this option is used.
.It LOGIN_SETUSER
Set ownership of the current process to the uid specified in the
.Ar uid
parameter using
.Xr setuid 2 .
.It LOGIN_SETGROUP
Set group ownership of the current process to the group id
specified in the passwd structure using
.Xr setgid 2 ,
and call
.Xr initgroups 3
to set up the group access list for the current process.
The
.Ar pwd
parameter must not be NULL if this option is used.
.It LOGIN_SETRESOURCES
Set resource limits for the current process based on values
specified in the system login class database.
Class capability tags used, with and without -cur (soft limit)
or -max (hard limit) suffixes and the corresponding resource
setting:
.Bd -literal
cputime          RLIMIT_CPU
filesize         RLIMIT_FSIZE
datasize         RLIMIT_DATA
stacksize        RLIMIT_STACK
coredumpsize     RLIMIT_CORE
memoryuse        RLIMIT_RSS
memorylocked     RLIMIT_MEMLOCK
maxproc          RLIMIT_NPROC
openfiles        RLIMIT_NOFILE
sbsize           RLIMIT_SBSIZE
vmemoryuse       RLIMIT_VMEM
pseudoterminals  RLIMIT_NPTS
swapuse          RLIMIT_SWAP
kqueues          RLIMIT_KQUEUES
umtxp            RLIMIT_UMTXP
pipebuf          RLIMIT_PIPEBUF
.Ed
.It LOGIN_SETPRIORITY
Set the scheduling priority for the current process based on the
value specified in the system login class database.
Class capability tags used:
.Bd -literal
priority
.Ed
.It LOGIN_SETUMASK
Set the umask for the current process to a value in the user or
system login class database.
Class capability tags used:
.Bd -literal
umask
.Ed
.It LOGIN_SETPATH
Set the "path" and "manpath" environment variables based on values
in the user or system login class database.
Class capability tags used with the corresponding environment
variables set:
.Bd -literal
path             PATH
manpath          MANPATH
.Ed
.It LOGIN_SETENV
Set various environment variables based on values in the user or
system login class database.
Class capability tags used with the corresponding environment
variables set:
.Bd -literal
lang             LANG
charset          MM_CHARSET
timezone         TZ
term             TERM
.Ed
.Pp
Additional environment variables may be set using the list type
capability "setenv=var1 val1,var2 val2..,varN valN".
.It LOGIN_SETMAC
Set the MAC label for the current process to the label specified
in the system login class database.
.It LOGIN_SETCPUMASK
Create a new
.Xr cpuset 2
and set the cpu affinity to the specified mask.
The string may contain a comma separated list of numbers and/or number
ranges as handled by the
.Xr cpuset 1
utility or the case-insensitive string
.Ql default .
If the string is
.Ql default
no action will be taken.
.It LOGIN_SETLOGINCLASS
Set the login class of the current process using
.Xr setloginclass 2 .
.It LOGIN_SETALL
Enables all of the above settings.
.El
.Pp
Note that when environment variables are set and a valid passwd
pointer is provided in the
.Ar pwd
parameter, the characters
.Ql \&~
and
.Ql \&$
are replaced by the user's home directory and login name
respectively.
.Pp
The
.Fn setclasscpumask ,
.Fn setclassresources
and
.Fn setclassenvironment
functions are subsets of the setcontext functions above, but may
be useful in isolation.
.Sh RETURN VALUES
The
.Fn setclasscontext
and
.Fn setusercontext
functions return -1 if an error occurred, or 0 on success.
If an error occurs when attempting to set the user, login, group
or resources, a message is reported to
.Xr syslog 3 ,
with LOG_ERR priority and directed to the currently active facility.
.Sh SEE ALSO
.Xr cpuset 1 ,
.Xr ps 1 ,
.Xr cpuset 2 ,
.Xr setgid 2 ,
.Xr setlogin 2 ,
.Xr setloginclass 2 ,
.Xr setuid 2 ,
.Xr getcap 3 ,
.Xr initgroups 3 ,
.Xr login_cap 3 ,
.Xr mac_set_proc 3 ,
.Xr login.conf 5 ,
.Xr termcap 5
.Sh HISTORY
The functions
.Fn setclasscontext ,
.Fn setclasscpumask ,
.Fn setclassenvironment ,
.Fn setclassresources
and
.Fn setusercontext
first appeared in
.Fx 2.1.5 .
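.Sh EXAMPLES
The string form described under LOGIN_SETCPUMASK (numbers and number
ranges separated by commas, or the case-insensitive word default),
written as a strict validator for checking a value before it is placed
in the login class database.
This is an added example, not the parser used by libutil; the 64-CPU
bound and the names parse_cpumask, MASK_OK, MASK_DEFAULT and
MASK_INVALID are assumptions made for it.

```c
#include <ctype.h>
#include <stdlib.h>
#include <strings.h>

#define MAX_CPUS 64	/* assumption for this example; the real limit is system-dependent */
enum { MASK_OK = 0, MASK_DEFAULT = 1, MASK_INVALID = -1 };	/* hypothetical names */

/* Parse one decimal CPU number below MAX_CPUS and advance *sp past it; -1 on error. */
static int parse_cpu(const char **sp)
{
	char *end;
	long v;

	if (!isdigit((unsigned char)**sp))	/* no sign, blank or empty field */
		return -1;
	v = strtol(*sp, &end, 10);		/* overflow gives LONG_MAX, rejected below */
	*sp = end;
	return v < MAX_CPUS ? (int)v : -1;
}

/* Accepts "n", "n-m" and comma-separated lists of both; "default" leaves *mask alone. */
int parse_cpumask(const char *s, unsigned long long *mask)
{
	unsigned long long m = 0;

	if (s == NULL)
		return MASK_INVALID;
	if (strcasecmp(s, "default") == 0)	/* page: no action will be taken */
		return MASK_DEFAULT;
	for (;;) {
		int lo = parse_cpu(&s), hi = lo;

		if (lo >= 0 && *s == '-') {
			s++;
			hi = parse_cpu(&s);
		}
		if (lo < 0 || hi < lo)		/* bad number or reversed range */
			return MASK_INVALID;
		for (int c = lo; c <= hi; c++)
			m |= 1ULL << c;
		if (*s == '\0')
			break;
		if (*s++ != ',')		/* only commas may separate entries */
			return MASK_INVALID;
	}
	*mask = m;
	return MASK_OK;
}
```

The output mask is written only when the whole string parses, so a rejected value never leaves a partially built mask behind.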