.\" Copyright (c) 1995 David Nugent <davidn@blaze.net.au>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, is permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice immediately at the beginning of the file, without modification,
.\" this list of conditions, and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. This work was done expressly for inclusion into FreeBSD. Other use
.\" is permitted provided this notation is included.
.\" 4. Absolutely no warranty of function or purpose is made by the author
.\" David Nugent.
.\" 5. Modifications may be freely made to this file providing the above
.\" conditions are met.
.\"
.\" $FreeBSD: src/lib/libutil/login_class.3,v 1.9.2.4 2003/04/29 14:40:07 trhodes Exp $
.\" $DragonFly: src/lib/libutil/login_class.3,v 1.4 2006/06/17 01:15:18 reed Exp $
.\"
.Dd December 28, 1996
.Os
.Dt LOGIN_CLASS 3
.Sh NAME
.Nm setclasscontext ,
.Nm setclassenvironment ,
.Nm setclassresources ,
.Nm setusercontext
.Nd "functions for using the login class capabilities database"
.Sh LIBRARY
.Lb libutil
.Sh SYNOPSIS
.In sys/types.h
.In login_cap.h
.Ft int
.Fn setclasscontext "const char *classname" "unsigned int flags"
.Ft int
.Fn setusercontext "login_cap_t *lc" "const struct passwd *pwd" "uid_t uid" "unsigned int flags"
.Ft void
.Fn setclassresources "login_cap_t *lc"
.Ft int
.Fn setclassenvironment "login_cap_t *lc" "const struct passwd *pwd" "int paths"
.Sh DESCRIPTION
These functions provide a higher level interface to the login class
database than those documented in
.Xr login_cap 3 .
These functions are used to set resource limits, environment and
accounting settings for users on logging into the system and when
selecting an appropriate set of environment and resource settings
for system daemons based on login classes.
These functions may only be called if the current process is
running with root privileges.
If the LOGIN_SETLOGIN flag is used this function calls
.Xr setlogin 2 ,
and due care must be taken as detailed in the manpage for that
function, since this affects all processes running in the same session
and not just the current process.
.Pp
.Fn setclasscontext
sets various class context values (resource limits, umask and
process priorities) based on values for a specific named class.
.Pp
The function
.Fn setusercontext
sets class context values based on a given login_cap_t
object or a specific passwd record (if login_cap_t is NULL),
and sets the current session's login and the current process
user and group ownership.
Each of these functions is selectable via bit-flags passed
in the
.Ar flags
parameter, which is comprised of one or more of the following:
.Bl -tag -width LOGIN_SETRESOURCES
.It LOGIN_SETLOGIN
Set the login associated with the current session to the user
specified in the passwd structure using
.Xr setlogin 2 .
The
.Ar pwd
parameter must not be NULL if this option is used.
.It LOGIN_SETUSER
Set ownership of the current process to the uid specified in the
.Ar uid
parameter using
.Xr setuid 2 .
.It LOGIN_SETGROUP
Set group ownership of the current process to the group id
specified in the passwd structure using
.Xr setgid 2 ,
and calls
.Xr initgroups 3
to set up the group access list for the current process.
The
.Ar pwd
parameter must not be NULL if this option is used.
.It LOGIN_SETRESOURCES
Set resource limits for the current process based on values
specified in the system login class database.
Class capability tags used, with and without -cur (soft limit)
or -max (hard limit) suffixes and the corresponding resource
setting:
.Bd -literal
cputime         RLIMIT_CPU
filesize        RLIMIT_FSIZE
datasize        RLIMIT_DATA
stacksize       RLIMIT_STACK
coredumpsize    RLIMIT_CORE
memoryuse       RLIMIT_RSS
memorylocked    RLIMIT_MEMLOCK
maxproc         RLIMIT_NPROC
openfiles       RLIMIT_NOFILE
sbsize          RLIMIT_SBSIZE
vmemoryuse      RLIMIT_VMEM
.Ed
.It LOGIN_SETPRIORITY
Set the scheduling priority for the current process based on the
value specified in the system login class database.
Class capability tags used:
.Bd -literal
priority
.Ed
.It LOGIN_SETUMASK
Set the umask for the current process to a value in the user or
system login class database.
Class capability tags used:
.Bd -literal
umask
.Ed
.It LOGIN_SETPATH
Set the "path" and "manpath" environment variables based on values
in the user or system login class database.
Class capability tags used with the corresponding environment
variables set:
.Bd -literal
path            PATH
manpath         MANPATH
.Ed
.It LOGIN_SETENV
Set various environment variables based on values in the user or
system login class database.
Class capability tags used with the corresponding environment
variables set:
.Bd -literal
lang            LANG
charset         MM_CHARSET
timezone        TZ
term            TERM
.Ed
.Pp
Additional environment variables may be set using the list type
capability "setenv=var1 val1,var2 val2..,varN valN".
.It LOGIN_SETALL
Enables all of the above settings.
.El
.Pp
Note that when setting environment variables and a valid passwd
pointer is provided in the
.Ar pwd
parameter, the characters
.Ql \&~
and
.Ql \&$
are substituted for the user's home directory and login name
respectively.
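.Pp
Added example, not part of the original manual page and not libutil's code: a C model of the setenv list format and the ~ and $ substitution documented above, showing that values are copied unchanged when no passwd record is supplied and that oversized results are rejected rather than truncated.
The names expand_setenv and ENVSZ, the fixed buffer size and the sample values are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define ENVSZ 128

/* Turn a "var1 val1,var2 val2" list into "var1=val1" strings in env[],
 * replacing '~' with home and '$' with login in each value. With no passwd
 * record (home or login NULL) values are copied unchanged.
 * Returns the entry count, or -1 on a malformed or oversized entry. */
int expand_setenv(const char *cap, const char *home, const char *login,
                  char env[][ENVSZ], int maxenv)
{
    int count = 0;
    while (*cap != '\0') {
        size_t elen = strcspn(cap, ",");            /* one "name value" entry */
        const char *sp = memchr(cap, ' ', elen);
        size_t n = sp ? (size_t)(sp - cap) : 0;     /* length of the name */
        if (n == 0 || n + 2 > ENVSZ || count == maxenv)
            return -1;                              /* no pair, or no room */
        memcpy(env[count], cap, n);
        env[count][n++] = '=';
        for (const char *v = sp + 1; v < cap + elen; v++) {
            const char *rep = v;                    /* default: copy one char */
            size_t len = 1;
            if (home != NULL && login != NULL && (*v == '~' || *v == '$')) {
                rep = (*v == '~') ? home : login;
                len = strlen(rep);
            }
            if (n + len >= ENVSZ)
                return -1;                          /* never truncate silently */
            memcpy(env[count] + n, rep, len);
            n += len;
        }
        env[count++][n] = '\0';
        cap += elen + (cap[elen] == ',');           /* skip the separator */
    }
    return count;
}

int main(void)
{
    char env[4][ENVSZ];
    /* Constructed capability value and user, not taken from a real system. */
    int n = expand_setenv("MAIL /var/mail/$,TMPDIR ~/tmp",
                          "/home/alice", "alice", env, 4);
    for (int i = 0; i < n; i++)
        puts(env[i]);
    return n < 0;
}
```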
.Pp
The
.Fn setclassresources
and
.Fn setclassenvironment
functions are subsets of the setcontext functions above, but may
be useful in isolation.
.Sh RETURN VALUES
.Fn setclassenvironment ,
.Fn setclasscontext
and
.Fn setusercontext
return -1 if an error occurred, or 0 on success.
If an error occurs when attempting to set the user, login, group
or resources, a message is reported to
.Xr syslog 3 ,
with LOG_ERR priority and directed to the currently active facility.
.Sh ERRORS
.Bl -tag -width Er
.It Bq Er ENOMEM
The function
.Fn setclassenvironment
failed because it was unable to allocate memory for the environment.
.El
.Sh SEE ALSO
.Xr setgid 2 ,
.Xr setlogin 2 ,
.Xr setuid 2 ,
.Xr getcap 3 ,
.Xr initgroups 3 ,
.Xr login_cap 3 ,
.Xr login.conf 5 ,
.Xr termcap 5