From ALT Linux Wiki


control is a framework allowing to select one of several fixed configurations for tasks lending themselves to such a selection; it is used in ALT Linux and Owl GNU/*/Linux to manage SUID/SGID binaries in the first place.

Thus control cdrecord public and control cdrecord restricted commands will allow cdrecord use to all users or to cdwriter group members only, appropriately.

One can list all the facilities available along with their current state and allowed states by running control with no arguments.

control runs a corresponding /etc/control.d/facilities/ script to switch state. Implementation of particular facility switcher is up to its developer's fancy :)

E.g., cdrecord script changes permissions for cdrecord binary while cups script edits cupsd.conf regarding RunAsUser.


$ sudo control 
at              restricted      (public restricted atdaemon)
crontab         public          (public restricted)
fusermount      restricted      (public wheelonly restricted)
gpasswd         restricted      (public wheelonly restricted)
mount           public          (public wheelonly restricted)
newgrp          restricted      (public wheelonly restricted)
nfsmount        restricted      (public wheelonly restricted)
pam_mktemp      enabled         (enabled disabled)
passwd          tcb             (tcb traditional restricted)
ping            public          (public netadmin restricted)
ping6           restricted      (public netadmin restricted)
postfix         local           (local server filter)
postqueue       public          (public mailadm restricted)
sftp            disabled        (enabled disabled)
su              wheelonly       (public wheel wheelonly restricted)
sudo            public          (public wheelonly restricted)
sudoers         unknown         (strict relaxed)
system-auth     local           (local ldap)
tcb_chkpwd      tcb             (traditional tcb restricted)
write           public          (public restricted)