AUTH capabilities can be set on the program file and are then inherited at execution, or they can be set directly on the process by other processes that have the special flag auth_may_set_cap set. Additionally, there is a shortcut flag, auth_may_setuid, which turns the capability check off for this program.
The capability setting scheme makes daemon-based authentication enforceable: an authentication daemon can set only those capabilities for a process for which the process has successfully authenticated.
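The decision logic described above, as an added sketch in C that is not code from the AUTH implementation. It assumes a capability is a user ID the process may change to, and that execution replaces the process settings with those of the program file; the struct layout, function names and MAX_CAPS are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>

#define MAX_CAPS 8 /* hypothetical limit for this model */

/* Simplified AUTH settings of a program file or a process (illustrative). */
struct auth_state {
    bool auth_may_setuid;    /* shortcut flag: capability check is off */
    bool auth_may_set_cap;   /* may set capabilities on other processes */
    unsigned caps[MAX_CAPS]; /* assumed: uids the subject may change to */
    size_t ncaps;
};

static bool has_cap(const struct auth_state *s, unsigned uid) {
    for (size_t i = 0; i < s->ncaps; i++)
        if (s->caps[i] == uid) return true;
    return false;
}

/* Execution: the process inherits the program file's settings. */
void auth_exec(struct auth_state *proc, const struct auth_state *file) { *proc = *file; }

/* Only a setter flagged auth_may_set_cap may add a capability to a process. */
bool auth_set_cap(const struct auth_state *setter, struct auth_state *target, unsigned uid) {
    if (!setter->auth_may_set_cap) return false;
    if (has_cap(target, uid)) return true;
    if (target->ncaps == MAX_CAPS) return false;
    target->caps[target->ncaps++] = uid;
    return true;
}

/* Decision for a request to change to uid. */
bool auth_check_setuid(const struct auth_state *proc, unsigned uid) {
    return proc->auth_may_setuid || has_cap(proc, uid);
}

/* Daemon-based authentication: the capability is granted only after success. */
bool daemon_grant(const struct auth_state *daemon, struct auth_state *client,
                  unsigned uid, bool authenticated) {
    return authenticated && auth_set_cap(daemon, client, uid);
}

int main(void) {
    struct auth_state authd = { .auth_may_set_cap = true }, client = {0};
    daemon_grant(&authd, &client, 1000, true); /* constructed uid */
    /* Exit 0 when uid 1000 is allowed and uid 0 is still refused. */
    return (auth_check_setuid(&client, 1000) && !auth_check_setuid(&client, 0)) ? 0 : 1;
}
```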
As an important base model, AUTH is the only model that is not independent of all others: all changes to AUTH settings are controlled by requests to ADF.