.\" Copyright (c) 1995 David Nugent <davidn@blaze.net.au>
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, is permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice immediately at the beginning of the file, without modification,
.\"    this list of conditions, and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. This work was done expressly for inclusion into FreeBSD.  Other use
.\"    is permitted provided this notation is included.
.\" 4. Absolutely no warranty of function or purpose is made by the author
.\"    David Nugent.
.\" 5. Modifications may be freely made to this file providing the above
.\"    conditions are met.
.\"
.\" $FreeBSD$
.\"
.Dd March 24, 2011
.Dt LOGIN_CLASS 3
.Os
.Sh NAME
.Nm setclasscontext ,
.Nm setclasscpumask ,
.Nm setclassenvironment ,
.Nm setclassresources ,
.Nm setusercontext
.Nd "functions for using the login class capabilities database"
.Sh LIBRARY
.Lb libutil
.Sh SYNOPSIS
.In sys/types.h
.In login_cap.h
.Ft int
.Fn setclasscontext "const char *classname" "unsigned int flags"
.Ft void
.Fn setclasscpumask "login_cap_t *lc"
.Ft void
.Fn setclassenvironment "login_cap_t *lc" "const struct passwd *pwd" "int paths"
.Ft void
.Fn setclassresources "login_cap_t *lc"
.Ft int
.Fn setusercontext "login_cap_t *lc" "const struct passwd *pwd" "uid_t uid" "unsigned int flags"
.Sh DESCRIPTION
These functions provide a higher level interface to the login class
database than those documented in
.Xr login_cap 3 .
These functions are used to set resource limits, environment and
accounting settings for users on logging into the system and when
selecting an appropriate set of environment and resource settings
for system daemons based on login classes.
These functions may only be called if the current process is
running with root privileges.
If the LOGIN_SETLOGIN flag is used this function calls
.Xr setlogin 2 ,
and due care must be taken as detailed in the manpage for that
function; this affects all processes running in the same session
and not just the current process.
.Pp
The
.Fn setclasscontext
function sets various class context values (resource limits, umask and
process priorities) based on values for a specific named class.
.Pp
The
.Fn setusercontext
function sets class context values based on a given login_cap_t
object and a specific passwd record (if login_cap_t is NULL),
the current session's login, and the current process
user and group ownership.
Each of these actions is selectable via bit-flags passed
in the
.Ar flags
parameter, which consists of one or more of the following:
.Bl -tag -width LOGIN_SETLOGINCLASS
.It LOGIN_SETLOGIN
Set the login associated with the current session to the user
specified in the passwd structure using
.Xr setlogin 2 .
The
.Ar pwd
parameter must not be NULL if this option is used.
.It LOGIN_SETUSER
Set ownership of the current process to the uid specified in the
.Ar uid
parameter using
.Xr setuid 2 .
.It LOGIN_SETGROUP
Set group ownership of the current process to the group id
specified in the passwd structure using
.Xr setgid 2 ,
and call
.Xr initgroups 3
to set up the group access list for the current process.
The
.Ar pwd
parameter must not be NULL if this option is used.
.It LOGIN_SETRESOURCES
Set resource limits for the current process based on values
specified in the system login class database.
Class capability tags used, with and without -cur (soft limit)
or -max (hard limit) suffixes and the corresponding resource
setting:
.Bd -literal
cputime          RLIMIT_CPU
filesize         RLIMIT_FSIZE
datasize         RLIMIT_DATA
stacksize        RLIMIT_STACK
coredumpsize     RLIMIT_CORE
memoryuse        RLIMIT_RSS
memorylocked     RLIMIT_MEMLOCK
maxproc          RLIMIT_NPROC
openfiles        RLIMIT_NOFILE
sbsize           RLIMIT_SBSIZE
vmemoryuse       RLIMIT_VMEM
pseudoterminals  RLIMIT_NPTS
swapuse          RLIMIT_SWAP
kqueues          RLIMIT_KQUEUES
umtxp            RLIMIT_UMTXP
.Ed
.It LOGIN_SETPRIORITY
Set the scheduling priority for the current process based on the
value specified in the system login class database.
Class capability tags used:
.Bd -literal
priority
.Ed
.It LOGIN_SETUMASK
Set the umask for the current process to a value in the user or
system login class database.
Class capability tags used:
.Bd -literal
umask
.Ed
.It LOGIN_SETPATH
Set the "path" and "manpath" environment variables based on values
in the user or system login class database.
Class capability tags used with the corresponding environment
variables set:
.Bd -literal
path             PATH
manpath          MANPATH
.Ed
.It LOGIN_SETENV
Set various environment variables based on values in the user or
system login class database.
Class capability tags used with the corresponding environment
variables set:
.Bd -literal
lang             LANG
charset          MM_CHARSET
timezone         TZ
term             TERM
.Ed
.Pp
Additional environment variables may be set using the list type
capability "setenv=var1 val1,var2 val2..,varN valN".
.It LOGIN_SETMAC
Set the MAC label for the current process to the label specified
in system login class database.
.It LOGIN_SETCPUMASK
Create a new
.Xr cpuset 2
and set the cpu affinity to the specified mask.
The string may contain a comma separated list of numbers and/or number
ranges as handled by the
.Xr cpuset 1
utility or the case-insensitive string
.Ql default .
If the string is
.Ql default
no action will be taken.
.It LOGIN_SETLOGINCLASS
Set the login class of the current process using
.Xr setloginclass 2 .
.It LOGIN_SETALL
Enables all of the above settings.
.El
.Pp
Note that when setting environment variables and a valid passwd
pointer is provided in the
.Ar pwd
parameter, the characters
.Ql \&~
and
.Ql \&$
are substituted for the user's home directory and login name
respectively.
.Pp
The
.Fn setclasscpumask ,
.Fn setclassresources
and
.Fn setclassenvironment
functions are subsets of the setcontext functions above, but may
be useful in isolation.
.Sh RETURN VALUES
The
.Fn setclasscontext
and
.Fn setusercontext
functions return -1 if an error occurred, or 0 on success.
If an error occurs when attempting to set the user, login, group
or resources, a message is reported to
.Xr syslog 3 ,
with LOG_ERR priority and directed to the currently active facility.
.Sh SEE ALSO
.Xr cpuset 1 ,
.Xr ps 1 ,
.Xr cpuset 2 ,
.Xr setgid 2 ,
.Xr setlogin 2 ,
.Xr setloginclass 2 ,
.Xr setuid 2 ,
.Xr getcap 3 ,
.Xr initgroups 3 ,
.Xr login_cap 3 ,
.Xr mac_set_proc 3 ,
.Xr login.conf 5 ,
.Xr termcap 5
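.Sh EXAMPLES
The following program is an added illustration, not code from libutil
or the FreeBSD project.
It walks a "setenv" list capability of the form described under
LOGIN_SETENV and applies the ~ and $ substitution noted in the
DESCRIPTION, which shows that $ in a class value expands to the login
name rather than to a shell variable.
The struct user type, the function names and the sample list are
constructed for this example, and only the documented behaviour is
modelled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the two passwd fields the substitution needs. */
struct user { const char *name, *home; };

/* Expand len bytes of val: '~' -> home directory, '$' -> login name.
 * With u == NULL nothing is substituted. Caller frees the result.
 * Any escaping rules of the real library are not modelled. */
char *expand_value(const char *val, size_t len, const struct user *u)
{
    size_t hlen = u ? strlen(u->home) : 0, nlen = u ? strlen(u->name) : 0;
    size_t need = 1;                              /* terminating NUL */
    for (size_t i = 0; i < len; i++)
        need += (u && val[i] == '~') ? hlen : (u && val[i] == '$') ? nlen : 1;
    char *out = malloc(need), *o = out;
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++) {
        if (u && val[i] == '~')      { memcpy(o, u->home, hlen); o += hlen; }
        else if (u && val[i] == '$') { memcpy(o, u->name, nlen); o += nlen; }
        else                         *o++ = val[i];
    }
    *o = '\0';
    return out;
}

/* Find variable `want` in a "var1 val1,var2 val2" list and return its
 * expanded value, or NULL when the variable is not in the list. */
char *lookup_setenv(const char *list, const char *want, const struct user *u)
{
    size_t wlen = strlen(want);
    while (*list != '\0') {
        size_t elen = strcspn(list, ",");         /* one "var val" entry */
        if (elen > wlen && list[wlen] == ' ' && strncmp(list, want, wlen) == 0)
            return expand_value(list + wlen + 1, elen - wlen - 1, u);
        list += elen;
        if (*list == ',')
            list++;
    }
    return NULL;
}

int main(void)
{
    const struct user u = { "alice", "/home/alice" };   /* constructed */
    const char *list = "MAIL ~/Maildir,BACKUP /var/backup/$,EDITOR vi";
    char *v = lookup_setenv(list, "BACKUP", &u);
    printf("BACKUP=%s\n", v ? v : "(unset)");
    free(v);
    return 0;
}
```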