FreeBSD Manual Pages
LOGIN_CLASS(3) FreeBSD Library Functions Manual LOGIN_CLASS(3) NAME setclasscontext, setclasscpumask, setclassenvironment, setclassresources, setusercontext -- functions for using the login class capabilities data- base LIBRARY System Utilities Library (libutil, -lutil) SYNOPSIS #include <sys/types.h> #include <login_cap.h> int setclasscontext(const char *classname, unsigned int flags); void setclasscpumask(login_cap_t *lc); void setclassenvironment(login_cap_t *lc, const struct passwd *pwd, int paths); void setclassresources(login_cap_t *lc); int setusercontext(login_cap_t *lc, const struct passwd *pwd, uid_t uid, unsigned int flags); DESCRIPTION These functions provide a higher level interface to the login class data- base than those documented in login_cap(3). These functions are used to set resource limits, environment and accounting settings for users on logging into the system and when selecting an appropriate set of environ- ment and resource settings for system daemons based on login classes. These functions may only be called if the current process is running with root privileges. If the LOGIN_SETLOGIN flag is used this function calls setlogin(2), and due care must be taken as detailed in the manpage for that function and this affects all processes running in the same session and not just the current process. The setclasscontext() function sets various class context values (re- source limits, umask and process priorities) based on values for a spe- cific named class. The setusercontext() function sets class context values based on a given login_cap_t object and a specific passwd record (if login_cap_t is NULL), the current session's login, and the current process user and group own- ership. Each of these actions is selectable via bit-flags passed in the flags parameter, which is comprised of one or more of the following: LOGIN_SETLOGIN Set the login associated with the current session to the user specified in the passwd structure using setlogin(2). The pwd parameter must not be NULL if this option is used. LOGIN_SETUSER Set ownership of the current process to the uid specified in the uid parameter using setuid(2). LOGIN_SETGROUP Set group ownership of the current process to the group id specified in the passwd structure using setgid(2), and calls initgroups(3) to set up the group access list for the current process. The pwd parameter must not be NULL if this option is used. LOGIN_SETRESOURCES Set resource limits for the current process based on values specified in the system login class database. Class capability tags used, with and without -cur (soft limit) or -max (hard limit) suffixes and the corresponding resource setting: cputime RLIMIT_CPU filesize RLIMIT_FSIZE datasize RLIMIT_DATA stacksize RLIMIT_STACK coredumpsize RLIMIT_CORE memoryuse RLIMIT_RSS memorylocked RLIMIT_MEMLOCK maxproc RLIMIT_NPROC openfiles RLIMIT_NOFILE sbsize RLIMIT_SBSIZE vmemoryuse RLIMIT_VMEM pseudoterminals RLIMIT_NPTS swapuse RLIMIT_SWAP kqueues RLIMIT_KQUEUES umtxp RLIMIT_UMTXP LOGIN_SETPRIORITY Set the scheduling priority for the current process based on the value specified in the system login class database. Class capability tags used: priority LOGIN_SETUMASK Set the umask for the current process to a value in the user or system login class database. Class ca- pability tags used: umask LOGIN_SETPATH Set the "path" and "manpath" environment variables based on values in the user or system login class database. Class capability tags used with the cor- responding environment variables set: path PATH manpath MANPATH LOGIN_SETENV Set various environment variables based on values in the user or system login class database. Class ca- pability tags used with the corresponding environ- ment variables set: lang LANG charset MM_CHARSET timezone TZ term TERM Additional environment variables may be set using the list type capability "setenv=var1 val1,var2 val2..,varN valN". LOGIN_SETMAC Set the MAC label for the current process to the la- bel specified in system login class database. LOGIN_SETCPUMASK Create a new cpuset(2) and set the cpu affinity to the specified mask. The string may contain a comma separated list of numbers and/or number ranges as handled by the cpuset(1) utility or the case-insen- sitive string `default'. If the string is `default' no action will be taken. LOGIN_SETLOGINCLASS Set the login class of the current process using setloginclass(2). LOGIN_SETALL Enables all of the above settings. Note that when setting environment variables and a valid passwd pointer is provided in the pwd parameter, the characters `~' and `$' are substi- tuted for the user's home directory and login name respectively. The setclasscpumask(), setclassresources() and setclassenvironment() functions are subsets of the setcontext functions above, but may be use- ful in isolation. RETURN VALUES The setclasscontext() and setusercontext() functions return -1 if an er- ror occurred, or 0 on success. If an error occurs when attempting to set the user, login, group or resources, a message is reported to syslog(3), with LOG_ERR priority and directed to the currently active facility. SEE ALSO cpuset(1), ps(1), cpuset(2), setgid(2), setlogin(2), setloginclass(2), setuid(2), getcap(3), initgroups(3), login_cap(3), mac_set_proc(3), login.conf(5), termcap(5) HISTORY The functions setclasscontext(), setclasscpumask(), setclassenvironment(), setclassresources() and setusercontext() first ap- peared in FreeBSD 2.1.5. FreeBSD 13.0 May 10, 2020 FreeBSD 13.0
NAME | LIBRARY | SYNOPSIS | DESCRIPTION | RETURN VALUES | SEE ALSO | HISTORY
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=setusercontext&sektion=3&manpath=FreeBSD+13.1-RELEASE+and+Ports>