PFEXEC(1) User Commands PFEXEC(1)
pfexec, pfsh, pfcsh, pfksh - execute a command in a profile
/usr/bin/pfexec command
/usr/bin/pfexec -P privspec command [ arg ]...
/usr/bin/pfsh [ options ] [ argument ]...
/usr/bin/pfcsh [ options ] [ argument ]...
/usr/bin/pfksh [ options ] [ argument ]...
The pfexec program is used to execute commands with the attributes
specified by the user's profiles in the exec_attr(5) database. It is
invoked by the profile shells, pfsh, pfcsh, and pfksh which are
linked to the Bourne shell, C shell, and Korn shell, respectively.
Profiles are searched in the order specified in the user's entry in
the user_attr(5) database. If the same command appears in more than
one profile, the profile shell uses the first matching entry.
The second form, pfexec -P privspec, allows a user to obtain the
additional privileges awarded to the user's profiles in prof_attr(5).
The privileges specification on the commands line is parsed using
priv_str_to_set(3C). The resulting privileges are intersected with
the union of the privileges specified using the "privs" keyword in
prof_attr(5) for all the user's profiles and added to the inheritable
set before executing the command.
For pfexec to function correctly, the pfexecd daemon must be running
in the current zone. This is normally managed by the
"svc:/system/pfexec:default" SMF service (see smf(7)).
pfexec is used to execute commands with predefined process
attributes, such as specific user or group IDs.
Refer to the sh(1), csh(1), and ksh(1) man pages for complete usage
descriptions of the profile shells.
example% pfexec -P all chown user file
This command runs chown user file with all privileges assigned to the
current user, not necessarily all privileges.
The following exit values are returned:
0
Successful completion.
1
An error occurred.
csh(1), ksh(1), profiles(1), sh(1), exec_attr(5), prof_attr(5),
user_attr(5), attributes(7), smf(7)
July 8, 2016 PFEXEC(1)
NAME
pfexec, pfsh, pfcsh, pfksh - execute a command in a profile
SYNOPSIS
/usr/bin/pfexec command
/usr/bin/pfexec -P privspec command [ arg ]...
/usr/bin/pfsh [ options ] [ argument ]...
/usr/bin/pfcsh [ options ] [ argument ]...
/usr/bin/pfksh [ options ] [ argument ]...
DESCRIPTION
The pfexec program is used to execute commands with the attributes
specified by the user's profiles in the exec_attr(5) database. It is
invoked by the profile shells, pfsh, pfcsh, and pfksh which are
linked to the Bourne shell, C shell, and Korn shell, respectively.
Profiles are searched in the order specified in the user's entry in
the user_attr(5) database. If the same command appears in more than
one profile, the profile shell uses the first matching entry.
The second form, pfexec -P privspec, allows a user to obtain the
additional privileges awarded to the user's profiles in prof_attr(5).
The privileges specification on the commands line is parsed using
priv_str_to_set(3C). The resulting privileges are intersected with
the union of the privileges specified using the "privs" keyword in
prof_attr(5) for all the user's profiles and added to the inheritable
set before executing the command.
For pfexec to function correctly, the pfexecd daemon must be running
in the current zone. This is normally managed by the
"svc:/system/pfexec:default" SMF service (see smf(7)).
USAGE
pfexec is used to execute commands with predefined process
attributes, such as specific user or group IDs.
Refer to the sh(1), csh(1), and ksh(1) man pages for complete usage
descriptions of the profile shells.
EXAMPLES
Example 1: Obtaining additional user privileges
example% pfexec -P all chown user file
This command runs chown user file with all privileges assigned to the
current user, not necessarily all privileges.
EXIT STATUS
The following exit values are returned:
0
Successful completion.
1
An error occurred.
SEE ALSO
csh(1), ksh(1), profiles(1), sh(1), exec_attr(5), prof_attr(5),
user_attr(5), attributes(7), smf(7)
July 8, 2016 PFEXEC(1)