168bbf3adSDavid Nugent.\" Copyright (c) 1995 David Nugent <davidn@blaze.net.au> 268bbf3adSDavid Nugent.\" All rights reserved. 368bbf3adSDavid Nugent.\" 468bbf3adSDavid Nugent.\" Redistribution and use in source and binary forms, with or without 568bbf3adSDavid Nugent.\" modification, is permitted provided that the following conditions 668bbf3adSDavid Nugent.\" are met: 768bbf3adSDavid Nugent.\" 1. Redistributions of source code must retain the above copyright 868bbf3adSDavid Nugent.\" notice immediately at the beginning of the file, without modification, 968bbf3adSDavid Nugent.\" this list of conditions, and the following disclaimer. 1068bbf3adSDavid Nugent.\" 2. Redistributions in binary form must reproduce the above copyright 1168bbf3adSDavid Nugent.\" notice, this list of conditions and the following disclaimer in the 1268bbf3adSDavid Nugent.\" documentation and/or other materials provided with the distribution. 1368bbf3adSDavid Nugent.\" 3. This work was done expressly for inclusion into FreeBSD. Other use 1468bbf3adSDavid Nugent.\" is permitted provided this notation is included. 1568bbf3adSDavid Nugent.\" 4. Absolutely no warranty of function or purpose is made by the author 1668bbf3adSDavid Nugent.\" David Nugent. 1768bbf3adSDavid Nugent.\" 5. Modifications may be freely made to this file providing the above 1868bbf3adSDavid Nugent.\" conditions are met. 1968bbf3adSDavid Nugent.\" 207f3dea24SPeter Wemm.\" $FreeBSD$ 2168bbf3adSDavid Nugent.\" 22c6b2aa68SSergey Kandaurov.Dd March 24, 2011 2368bbf3adSDavid Nugent.Dt LOGIN_CLASS 3 24aa12cea2SUlrich Spörlein.Os 2568bbf3adSDavid Nugent.Sh NAME 2668bbf3adSDavid Nugent.Nm setclasscontext , 2792657d3cSDag-Erling Smørgrav.Nm setclasscpumask , 283dc329d1SAlexey Zelkin.Nm setclassenvironment , 2968bbf3adSDavid Nugent.Nm setclassresources , 303dc329d1SAlexey Zelkin.Nm setusercontext 31eb083802SRuslan Ermilov.Nd "functions for using the login class capabilities database" 323dc329d1SAlexey Zelkin.Sh LIBRARY 333dc329d1SAlexey Zelkin.Lb libutil 3468bbf3adSDavid Nugent.Sh SYNOPSIS 3532eef9aeSRuslan Ermilov.In sys/types.h 3632eef9aeSRuslan Ermilov.In login_cap.h 3768bbf3adSDavid Nugent.Ft int 38c5a44d91SBruce Evans.Fn setclasscontext "const char *classname" "unsigned int flags" 3968bbf3adSDavid Nugent.Ft void 4092657d3cSDag-Erling Smørgrav.Fn setclasscpumask "login_cap_t *lc" 4168bbf3adSDavid Nugent.Ft void 4268bbf3adSDavid Nugent.Fn setclassenvironment "login_cap_t *lc" "const struct passwd *pwd" "int paths" 4392657d3cSDag-Erling Smørgrav.Ft void 4492657d3cSDag-Erling Smørgrav.Fn setclassresources "login_cap_t *lc" 4592657d3cSDag-Erling Smørgrav.Ft int 4692657d3cSDag-Erling Smørgrav.Fn setusercontext "login_cap_t *lc" "const struct passwd *pwd" "uid_t uid" "unsigned int flags" 4768bbf3adSDavid Nugent.Sh DESCRIPTION 4868bbf3adSDavid NugentThese functions provide a higher level interface to the login class 4968bbf3adSDavid Nugentdatabase than those documented in 5068bbf3adSDavid Nugent.Xr login_cap 3 . 5168bbf3adSDavid NugentThese functions are used to set resource limits, environment and 5268bbf3adSDavid Nugentaccounting settings for users on logging into the system and when 5368bbf3adSDavid Nugentselecting an appropriate set of environment and resource settings 5468bbf3adSDavid Nugentfor system daemons based on login classes. 5568bbf3adSDavid NugentThese functions may only be called if the current process is 569c727d2cSJoseph Koshyrunning with root privileges. 5768bbf3adSDavid NugentIf the LOGIN_SETLOGIN flag is used this function calls 5868bbf3adSDavid Nugent.Xr setlogin 2 , 5968bbf3adSDavid Nugentand due care must be taken as detailed in the manpage for that 6068bbf3adSDavid Nugentfunction and this affects all processes running in the same session 6168bbf3adSDavid Nugentand not just the current process. 6268bbf3adSDavid Nugent.Pp 630552350eSPhilippe CharnierThe 6468bbf3adSDavid Nugent.Fn setclasscontext 650552350eSPhilippe Charnierfunction sets various class context values (resource limits, umask and 6668bbf3adSDavid Nugentprocess priorities) based on values for a specific named class. 6768bbf3adSDavid Nugent.Pp 680552350eSPhilippe CharnierThe 6968bbf3adSDavid Nugent.Fn setusercontext 700552350eSPhilippe Charnierfunction sets class context values based on a given login_cap_t 7126eff9e8SDiomidis Spinellisobject and a specific passwd record (if login_cap_t is NULL), 7226eff9e8SDiomidis Spinellisthe current session's login, and the current process 7368bbf3adSDavid Nugentuser and group ownership. 7426eff9e8SDiomidis SpinellisEach of these actions is selectable via bit-flags passed 7568bbf3adSDavid Nugentin the 7668bbf3adSDavid Nugent.Ar flags 7768bbf3adSDavid Nugentparameter, which is comprised of one or more of the following: 78ffa51010SEdward Tomasz Napierala.Bl -tag -width LOGIN_SETLOGINCLASS 7968bbf3adSDavid Nugent.It LOGIN_SETLOGIN 8068bbf3adSDavid NugentSet the login associated with the current session to the user 810552350eSPhilippe Charnierspecified in the passwd structure using 8268bbf3adSDavid Nugent.Xr setlogin 2 . 8368bbf3adSDavid NugentThe 8468bbf3adSDavid Nugent.Ar pwd 8568bbf3adSDavid Nugentparameter must not be NULL if this option is used. 8668bbf3adSDavid Nugent.It LOGIN_SETUSER 87613c94acSMaxim KonovalovSet ownership of the current process to the uid specified in the 8868bbf3adSDavid Nugent.Ar uid 8968bbf3adSDavid Nugentparameter using 9068bbf3adSDavid Nugent.Xr setuid 2 . 9168bbf3adSDavid Nugent.It LOGIN_SETGROUP 9268bbf3adSDavid NugentSet group ownership of the current process to the group id 9368bbf3adSDavid Nugentspecified in the passwd structure using 9468bbf3adSDavid Nugent.Xr setgid 2 , 9568bbf3adSDavid Nugentand calls 9668bbf3adSDavid Nugent.Xr initgroups 3 9768bbf3adSDavid Nugentto set up the group access list for the current process. 9868bbf3adSDavid NugentThe 9968bbf3adSDavid Nugent.Ar pwd 10068bbf3adSDavid Nugentparameter must not be NULL if this option is used. 10168bbf3adSDavid Nugent.It LOGIN_SETRESOURCES 10268bbf3adSDavid NugentSet resource limits for the current process based on values 10368bbf3adSDavid Nugentspecified in the system login class database. 10468bbf3adSDavid NugentClass capability tags used, with and without -cur (soft limit) 10568bbf3adSDavid Nugentor -max (hard limit) suffixes and the corresponding resource 10668bbf3adSDavid Nugentsetting: 10768bbf3adSDavid Nugent.Bd -literal 10868bbf3adSDavid Nugentcputime RLIMIT_CPU 10968bbf3adSDavid Nugentfilesize RLIMIT_FSIZE 11068bbf3adSDavid Nugentdatasize RLIMIT_DATA 11168bbf3adSDavid Nugentstacksize RLIMIT_STACK 11268bbf3adSDavid Nugentcoredumpsize RLIMIT_CORE 11368bbf3adSDavid Nugentmemoryuse RLIMIT_RSS 11468bbf3adSDavid Nugentmemorylocked RLIMIT_MEMLOCK 11568bbf3adSDavid Nugentmaxproc RLIMIT_NPROC 11668bbf3adSDavid Nugentopenfiles RLIMIT_NOFILE 1176b3ced11SBrian Feldmansbsize RLIMIT_SBSIZE 1186c4e78aeSTom Rhodesvmemoryuse RLIMIT_VMEM 119c6b2aa68SSergey Kandaurovpseudoterminals RLIMIT_NPTS 120c6b2aa68SSergey Kandaurovswapuse RLIMIT_SWAP 12185a0ddfdSKonstantin Belousovkqueues RLIMIT_KQUEUES 122*250d9fd8SKonstantin Belousovumtxp RLIMIT_UMTXP 12368bbf3adSDavid Nugent.Ed 12468bbf3adSDavid Nugent.It LOGIN_SETPRIORITY 12568bbf3adSDavid NugentSet the scheduling priority for the current process based on the 12668bbf3adSDavid Nugentvalue specified in the system login class database. 12768bbf3adSDavid NugentClass capability tags used: 12868bbf3adSDavid Nugent.Bd -literal 12968bbf3adSDavid Nugentpriority 13068bbf3adSDavid Nugent.Ed 13168bbf3adSDavid Nugent.It LOGIN_SETUMASK 13268bbf3adSDavid NugentSet the umask for the current process to a value in the user or 13368bbf3adSDavid Nugentsystem login class database. 13468bbf3adSDavid NugentClass capability tags used: 13568bbf3adSDavid Nugent.Bd -literal 13668bbf3adSDavid Nugentumask 13768bbf3adSDavid Nugent.Ed 13868bbf3adSDavid Nugent.It LOGIN_SETPATH 13968bbf3adSDavid NugentSet the "path" and "manpath" environment variables based on values 14068bbf3adSDavid Nugentin the user or system login class database. 14168bbf3adSDavid NugentClass capability tags used with the corresponding environment 14268bbf3adSDavid Nugentvariables set: 14368bbf3adSDavid Nugent.Bd -literal 14468bbf3adSDavid Nugentpath PATH 14568bbf3adSDavid Nugentmanpath MANPATH 14668bbf3adSDavid Nugent.Ed 14768bbf3adSDavid Nugent.It LOGIN_SETENV 14868bbf3adSDavid NugentSet various environment variables based on values in the user or 14968bbf3adSDavid Nugentsystem login class database. 15068bbf3adSDavid NugentClass capability tags used with the corresponding environment 15168bbf3adSDavid Nugentvariables set: 15268bbf3adSDavid Nugent.Bd -literal 15368bbf3adSDavid Nugentlang LANG 15468bbf3adSDavid Nugentcharset MM_CHARSET 15568bbf3adSDavid Nugenttimezone TZ 15668bbf3adSDavid Nugentterm TERM 15768bbf3adSDavid Nugent.Ed 15868bbf3adSDavid Nugent.Pp 15968bbf3adSDavid NugentAdditional environment variables may be set using the list type 16068bbf3adSDavid Nugentcapability "setenv=var1 val1,var2 val2..,varN valN". 161111a16a8SChristian S.J. Peron.It LOGIN_SETMAC 162111a16a8SChristian S.J. PeronSet the MAC label for the current process to the label specified 163111a16a8SChristian S.J. Peronin system login class database. 164d84c4292SBrooks Davis.It LOGIN_SETCPUMASK 165d84c4292SBrooks DavisCreate a new 166d84c4292SBrooks Davis.Xr cpuset 2 167d84c4292SBrooks Davisand set the cpu affinity to the specified mask. 168d84c4292SBrooks DavisThe string may contain a comma separated list of numbers and/or number 169d84c4292SBrooks Davisranges as handled by the 170d84c4292SBrooks Davis.Xr cpuset 1 171d84c4292SBrooks Davisutility or the case-insensitive string 172d84c4292SBrooks Davis.Ql default . 173d84c4292SBrooks DavisIf the string is 174d84c4292SBrooks Davis.Ql default 175d84c4292SBrooks Davisno action will be taken. 176ffa51010SEdward Tomasz Napierala.It LOGIN_SETLOGINCLASS 177ffa51010SEdward Tomasz NapieralaSet the login class of the current process using 178ffa51010SEdward Tomasz Napierala.Xr setloginclass 2 . 17968bbf3adSDavid Nugent.It LOGIN_SETALL 18068bbf3adSDavid NugentEnables all of the above settings. 18168bbf3adSDavid Nugent.El 18268bbf3adSDavid Nugent.Pp 18368bbf3adSDavid NugentNote that when setting environment variables and a valid passwd 18468bbf3adSDavid Nugentpointer is provided in the 18568bbf3adSDavid Nugent.Ar pwd 18668bbf3adSDavid Nugentparameter, the characters 18768bbf3adSDavid Nugent.Ql \&~ 18868bbf3adSDavid Nugentand 18968bbf3adSDavid Nugent.Ql \&$ 19068bbf3adSDavid Nugentare substituted for the user's home directory and login name 19168bbf3adSDavid Nugentrespectively. 19268bbf3adSDavid Nugent.Pp 19368bbf3adSDavid NugentThe 19492657d3cSDag-Erling Smørgrav.Fn setclasscpumask , 19568bbf3adSDavid Nugent.Fn setclassresources 19668bbf3adSDavid Nugentand 19768bbf3adSDavid Nugent.Fn setclassenvironment 19868bbf3adSDavid Nugentfunctions are subsets of the setcontext functions above, but may 19968bbf3adSDavid Nugentbe useful in isolation. 20068bbf3adSDavid Nugent.Sh RETURN VALUES 2010552350eSPhilippe CharnierThe 20268bbf3adSDavid Nugent.Fn setclasscontext 20368bbf3adSDavid Nugentand 20468bbf3adSDavid Nugent.Fn setusercontext 2050552350eSPhilippe Charnierfunctions return -1 if an error occurred, or 0 on success. 20668bbf3adSDavid NugentIf an error occurs when attempting to set the user, login, group 20768bbf3adSDavid Nugentor resources, a message is reported to 20868bbf3adSDavid Nugent.Xr syslog 3 , 20968bbf3adSDavid Nugentwith LOG_ERR priority and directed to the currently active facility. 21068bbf3adSDavid Nugent.Sh SEE ALSO 211d84c4292SBrooks Davis.Xr cpuset 1 , 212ffa51010SEdward Tomasz Napierala.Xr ps 1 , 213d84c4292SBrooks Davis.Xr cpuset 2 , 21475141cc9SWolfram Schneider.Xr setgid 2 , 21568bbf3adSDavid Nugent.Xr setlogin 2 , 216ffa51010SEdward Tomasz Napierala.Xr setloginclass 2 , 21768bbf3adSDavid Nugent.Xr setuid 2 , 21875141cc9SWolfram Schneider.Xr getcap 3 , 21968bbf3adSDavid Nugent.Xr initgroups 3 , 22068bbf3adSDavid Nugent.Xr login_cap 3 , 221111a16a8SChristian S.J. Peron.Xr mac_set_proc 3 , 22268bbf3adSDavid Nugent.Xr login.conf 5 , 22375141cc9SWolfram Schneider.Xr termcap 5 224