lib/libutil/login_class.3

.\" Copyright (c) 1995 David Nugent <davidn@blaze.net.au>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, is permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice immediately at the beginning of the file, without modification,
.\"    this list of conditions, and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. This work was done expressly for inclusion into FreeBSD.  Other use
.\"    is permitted provided this notation is included.
.\" 4. Absolutely no warranty of function or purpose is made by the author
.\"    David Nugent.
.\" 5. Modifications may be freely made to this file providing the above
.\"    conditions are met.
.\"
.\" $FreeBSD$
.\"
.Dd December 28, 1996
.Os
.Dt LOGIN_CLASS 3
.Sh NAME
.Nm setclasscontext ,
.Nm setclassenvironment ,
.Nm setclassresources ,
.Nm setusercontext
.Nd "functions for using the login class capabilities database"
.Sh LIBRARY
.Lb libutil
.Sh SYNOPSIS
.In sys/types.h
.In login_cap.h
.Ft int
.Fn setclasscontext "const char *classname" "unsigned int flags"
.Ft int
.Fn setusercontext "login_cap_t *lc" "const struct passwd *pwd" "uid_t uid" "unsigned int flags"
.Ft void
.Fn setclassresources "login_cap_t *lc"
.Ft void
.Fn setclassenvironment "login_cap_t *lc" "const struct passwd *pwd" "int paths"
.Sh DESCRIPTION
These functions provide a higher level interface to the login class
database than those documented in
.Xr login_cap 3 .
These functions are used to set resource limits, environment and
accounting settings for users on logging into the system and when
selecting an appropriate set of environment and resource settings
for system daemons based on login classes.
These functions may only be called if the current process is
running with root privileges.
If the LOGIN_SETLOGIN flag is used this function calls
.Xr setlogin 2 ,
and due care must be taken as detailed in the manpage for that
function and this affects all processes running in the same session
and not just the current process.
.Pp
The
.Fn setclasscontext
function sets various class context values (resource limits, umask and
process priorities) based on values for a specific named class.
.Pp
The
.Fn setusercontext
function sets class context values based on a given login_cap_t
object, a specific passwd record (if login_cap_t is NULL),
sets the current session's login and the current process
user and group ownership.
Each of these functions is selectable via bit-flags passed
in the
.Ar flags
parameter, which is comprised of one or more of the following:
.Bl -tag -width LOGIN_SETRESOURCES
.It LOGIN_SETLOGIN
Set the login associated with the current session to the user
specified in the passwd structure using
.Xr setlogin 2 .
The
.Ar pwd
parameter must not be NULL if this option is used.
.It LOGIN_SETUSER
Set ownship of the current process to the uid specified in the
.Ar uid
parameter using
.Xr setuid 2 .
.It LOGIN_SETGROUP
Set group ownership of the current process to the group id
specified in the passwd structure using
.Xr setgid 2 ,
and calls
.Xr initgroups 3
to set up the group access list for the current process.
The
.Ar pwd
parameter must not be NULL if this option is used.
.It LOGIN_SETRESOURCES
Set resource limits for the current process based on values
specified in the system login class database.
Class capability tags used, with and without -cur (soft limit)
or -max (hard limit) suffixes and the corresponding resource
setting:
.Bd -literal
cputime       RLIMIT_CPU
filesize      RLIMIT_FSIZE
datasize      RLIMIT_DATA
stacksize     RLIMIT_STACK
coredumpsize  RLIMIT_CORE
memoryuse     RLIMIT_RSS
memorylocked  RLIMIT_MEMLOCK
maxproc       RLIMIT_NPROC
openfiles     RLIMIT_NOFILE
sbsize        RLIMIT_SBSIZE
vmemoryuse    RLIMIT_VMEM
.Ed
.It LOGIN_SETPRIORITY
Set the scheduling priority for the current process based on the
value specified in the system login class database.
Class capability tags used:
.Bd -literal
priority
.Ed
.It LOGIN_SETUMASK
Set the umask for the current process to a value in the user or
system login class database.
Class capability tags used:
.Bd -literal
umask
.Ed
.It LOGIN_SETPATH
Set the "path" and "manpath" environment variables based on values
in the user or system login class database.
Class capability tags used with the corresponding environment
variables set:
.Bd -literal
path          PATH
manpath       MANPATH
.Ed
.It LOGIN_SETENV
Set various environment variables based on values in the user or
system login class database.
Class capability tags used with the corresponding environment
variables set:
.Bd -literal
lang          LANG
charset       MM_CHARSET
timezone      TZ
term          TERM
.Ed
.Pp
Additional environment variables may be set using the list type
capability "setenv=var1 val1,var2 val2..,varN valN".
.It LOGIN_SETALL
Enables all of the above settings.
.El
.Pp
Note that when setting environment variables and a valid passwd
pointer is provided in the
.Ar pwd
parameter, the characters
.Ql \&~
and
.Ql \&$
are substituted for the user's home directory and login name
respectively.
.Pp
The
.Fn setclassresources
and
.Fn setclassenvironment
functions are subsets of the setcontext functions above, but may
be useful in isolation.
.Sh RETURN VALUES
The
.Fn setclasscontext
and
.Fn setusercontext
functions return -1 if an error occurred, or 0 on success.
If an error occurs when attempting to set the user, login, group
or resources, a message is reported to
.Xr syslog 3 ,
with LOG_ERR priority and directed to the currently active facility.
.Sh SEE ALSO
.Xr setgid 2 ,
.Xr setlogin 2 ,
.Xr setuid 2 ,
.Xr getcap 3 ,
.Xr initgroups 3 ,
.Xr login_cap 3 ,
.Xr login.conf 5 ,
.Xr termcap 5