| acl_chg or acl_fchg | Change the access control information on a file |
| acl_get or acl_fget | Get the access control information of a file |
| acl_put or acl_fput | Set the access control information of a file |
| acl_set or acl_fset | Set the base entries of the access control information of a file |
| chacl or fchac l | Change the permissions on a file |
| chmod or fchmod | Change file access permissions |
| chown, fchown, chownx, or fchownx | Change file ownership |
| frevoke | Revokes access to a file by other processes |
| revoke | Revokes access to a file |
| statacl or fstatacl | Retrieve the access control information for a file |
| audit | Enables and disables system auditing |
| auditbin | Defines files to contain audit records |
| auditevents | Gets or sets the status of system event auditing |
| auditlog | Appends an audit record to an audit bin file |
| auditobj | Gets or sets the auditing mode of a system data object |
| auditpack | Compresses and uncompresses audit bins |
| auditproc | Gets or sets the audit state of a process |
| auditread or auditread_r | Read an audit record |
| auditwrite | Writes an audit record |
User authentication routines have a potential to store passwords and encrypted passwords in memory. This may expose passwords and encrypted passwords in coredumps.
| authenticate | Authenticates the user's name and password |
| ckuseracct | Checks the validity of a user account |
| ckuserID | Authenticates the user |
| crypt, encrypt, or setkey | Encrypt or decrypt data |
| getgrent, getgrgid, getgrnam, setgrent, or endgrent | Access the basic group information in the user database |
| getgrgid_r | Gets a group database entry for a group ID in a multithreaded environment |
| getgrnam_r | Searches a group database for a name in a multithreaded environment |
| getgroupattr, IDtogroup, nextgroup, or putgroupattr | Access the group information in the user database |
| getlogin | Gets the user's login name |
| getlogin_r | Gets the user's login name in a multithreaded environment |
| getpass | Reads a password |
| getportattr or putportattr | Access the port information in the port database |
| getpwent, getpwuid, getpwnam, putpwent, setpwent, or endpwent | Access the basic user information in the user database |
| getuinfo | Finds the value associated with a user |
| getuserattr, IDtouser, nextuser, or putuserattr | Access the user information in the user database |
| getuserpw, putuserpw, or putuserpwhist | Access the user authentication data |
| loginfailed | Records an unsuccessful login attempt |
| loginrestrictions | Determines if a user is allowed to access the system |
| loginsuccess | Records a successful login |
| newpass | Generates a new password for a user |
| passwdexpired | Checks the user's password to determine if it has expired |
| setpwdb or endpwdb | Open or close the authentication database |
| setuserdb or enduserdb | Open or close the user database |
| system | Runs a shell command |
| tcb | Alters the Trusted Computing Base status of a file |
| getgid or getegid | Get the real or group ID of the calling process |
| getgroups | Gets the concurrent group set of the current process |
| getpcred | Gets the current process security credentials |
| getpenv | Gets the current process environment |
| getuid or geteuid | Get the real or effective user ID of the current process |
| initgroups | Initializes the supplementary group ID of the current process |
| kleenup | Cleans up the run-time environment of a process |
| setgid, setrgid, setegid, or setregid | Set the group IDs of the calling process |
| setgroups | Sets the supplementary group ID of the current process |
| setpcred | Sets the current process credentials |
| setpenv | Sets the current process environment |
| setuid, setruid, setuid, or setreuid | Set the process user IDs |
| usrinfo | Gets and sets user information about the owner of the current process |