cm getsetuid(8dfs)

Synopsis

cm getsetuid [-path {filename | directory_name}...] [-help]

Options

-path {filename | directory_name}
Names a file or directory from each fileset whose setuid permission is to be displayed. If this option is omitted, permission information is displayed for the fileset containing the current working directory.

-help
Prints the online help for this command. All other valid options specified with this option are ignored.

Description
The cm getsetuid command reports whether the Cache Manager allows setuid programs from the indicated filesets to run with setuid permission. Indicate each fileset whose setuid permission is desired by specifying the name of a file or directory in the fileset with the -path option. This information comes from the kernel of the workstation on which the command is issued.

Note that setuid programs are effective only in the local environment. A setuid program can change only the local identity under which a program runs; it cannot change the DCE identity with which a program executes because it provides no Kerberos tickets. DCE does not recognize the change to the local identity associated with a setuid program.

Because setgid programs on filesets are enabled or disabled along with setuid programs, this command also reports the status of setgid programs on the indicated filesets. System administrators set setuid and setgid status on a per-fileset and per-Cache Manager basis with the cm setsetuid command. By default, the Cache Manager does not allow setuid programs from a fileset to execute with setuid permission.

Privilege Required
No privileges are required.

Output
The cm getsetuid command first displays the line

Fileset pathname status:

In the output, pathname is the name of a file or directory specified with the -path option. For each specified file or directory, the following output values are possible for the fileset on which it resides:

setuid allowed
Indicates that setuid and setgid programs from the fileset are enabled.

no setuid allowed
Indicates that setuid and setgid programs from the fileset are disabled.

cm: the fileset on which 'pathname' resides does not exist
Indicates that the specified pathname is invalid.

Examples
The following command indicates that setuid and setgid programs from the fileset that contains the directory /.../abc.com/fs/usr/jlw are disabled:

$ cm getsetuid /.../abc.com/fs/usr/jlw

Fileset /.../abc.com/fs/usr/jlw status: no setuid allowed

Related Information
Commands: cm setsetuid(8dfs)