acl_chg or acl_fchg | Change the access control information on a file |
acl_get or acl_fget | Get the access control information of a file |
acl_put or acl_fput | Set the access control information of a file |
acl_set or acl_fset | Set the base entries of the access control information of a file |
chacl or fchac l | Change the permissions on a file |
chmod or fchmod | Change file access permissions |
chown, fchown, chownx, or fchownx | Change file ownership |
frevoke | Revokes access to a file by other processes |
revoke | Revokes access to a file |
statacl or fstatacl | Retrieve the access control information for a file |
audit | Enables and disables system auditing |
auditbin | Defines files to contain audit records |
auditevents | Gets or sets the status of system event auditing |
auditlog | Appends an audit record to an audit bin file |
auditobj | Gets or sets the auditing mode of a system data object |
auditpack | Compresses and uncompresses audit bins |
auditproc | Gets or sets the audit state of a process |
auditread or auditread_r | Read an audit record |
auditwrite | Writes an audit record |
User authentication routines have a potential to store passwords and encrypted passwords in memory. This may expose passwords and encrypted passwords in coredumps.
authenticate | Authenticates the user's name and password |
ckuseracct | Checks the validity of a user account |
ckuserID | Authenticates the user |
crypt, encrypt, or setkey | Encrypt or decrypt data |
getgrent, getgrgid, getgrnam, setgrent, or endgrent | Access the basic group information in the user database |
getgrgid_r | Gets a group database entry for a group ID in a multithreaded environment |
getgrnam_r | Searches a group database for a name in a multithreaded environment |
getgroupattr, IDtogroup, nextgroup, or putgroupattr | Access the group information in the user database |
getlogin | Gets the user's login name |
getlogin_r | Gets the user's login name in a multithreaded environment |
getpass | Reads a password |
getportattr or putportattr | Access the port information in the port database |
getpwent, getpwuid, getpwnam, putpwent, setpwent, or endpwent | Access the basic user information in the user database |
getuinfo | Finds the value associated with a user |
getuserattr, IDtouser, nextuser, or putuserattr | Access the user information in the user database |
getuserpw, putuserpw, or putuserpwhist | Access the user authentication data |
loginfailed | Records an unsuccessful login attempt |
loginrestrictions | Determines if a user is allowed to access the system |
loginsuccess | Records a successful login |
newpass | Generates a new password for a user |
passwdexpired | Checks the user's password to determine if it has expired |
setpwdb or endpwdb | Open or close the authentication database |
setuserdb or enduserdb | Open or close the user database |
system | Runs a shell command |
tcb | Alters the Trusted Computing Base status of a file |
getgid or getegid | Get the real or group ID of the calling process |
getgroups | Gets the concurrent group set of the current process |
getpcred | Gets the current process security credentials |
getpenv | Gets the current process environment |
getuid or geteuid | Get the real or effective user ID of the current process |
initgroups | Initializes the supplementary group ID of the current process |
kleenup | Cleans up the run-time environment of a process |
setgid, setrgid, setegid, or setregid | Set the group IDs of the calling process |
setgroups | Sets the supplementary group ID of the current process |
setpcred | Sets the current process credentials |
setpenv | Sets the current process environment |
setuid, setruid, setuid, or setreuid | Set the process user IDs |
usrinfo | Gets and sets user information about the owner of the current process |