{ "mode": "man", "parameter": "gradm", "section": "8", "url": "https://www.chedong.com/phpMan.php/man/gradm/8/json", "generated": "2026-05-30T06:10:36Z", "synopsis": "gradm [ -E ] [ -R ] [ -C ] [ -F ] [ -L ] [ -O ] [ -M ] [ -D ] [ -P [rolename] ] [ -a ] [ -n ] [ -p ] [", "sections": { "NAME": { "content": "gradm - Administration program for the grsecurity RBAC system\n", "subsections": [] }, "SYNOPSIS": { "content": "gradm [ -E ] [ -R ] [ -C ] [ -F ] [ -L ] [ -O ] [ -M ] [ -D ] [ -P [rolename] ] [ -a ] [ -n ] [ -p ] [", "subsections": [ { "name": "-u -V -h -v", "content": "", "flag": "-v" } ] }, "DESCRIPTION": { "content": "gradm is the userspace RBAC parsing and authentication program for grsecurity\n\ngrsecurity aims to be a complete security system for Linux 2.4. gradm performs several tasks\nfor the RBAC system including authenticated via a password to the kernel and parsing rules to\nbe passed to the kernel.\n\n", "subsections": [] }, "OPTIONS": { "content": "All options to gradm are mutually exclusive, except for -L and -O.\n", "subsections": [ { "name": "-E", "content": "", "flag": "-E" }, { "name": "-R", "content": "", "flag": "-R" }, { "name": "-C", "content": "formed when enabling.\n\n", "flag": "-C" }, { "name": "-F", "content": "learning mode. If used with -L and -O, it parses the full learning logs and generates\na complete ruleset.\n\n", "flag": "-F" }, { "name": "-M ", "content": "Remove an execution ban on a given uid or filename that has been put in place by the\nRESCRASH resource restriction of the RBAC system.\n\n", "flag": "-M", "arg": "" }, { "name": "-L ", "content": "Parses the learning logs. Accepts an argument which specifies the logfile to scan for\nthe learning logs. If \"-\" is specified as the logfile, stdin will be used as the\nlearning log. This option can be used with -E, -O, or -F.\n\n", "flag": "-L", "arg": "" }, { "name": "-O ", "content": "Specifies output mode. Requires a single argument that can be \"stdout\", \"stderr\", or\na regular file. Only used with -L or -F.\n\n", "flag": "-O", "arg": "" }, { "name": "-D", "content": "", "flag": "-D" }, { "name": "-P [rolename]", "content": "Without an argument, it sets the password for administering the RBAC system. With a\nrole name as an argument, it sets the password for that given special role.\n\n", "flag": "-P", "arg": "[rolename]" }, { "name": "-a ", "content": "Authenticate to a special role that requires a password.\n\n", "flag": "-a", "arg": "" }, { "name": "-n ", "content": "Authenticate to a special role that does not require a password.\n\n", "flag": "-n", "arg": "" }, { "name": "-p ", "content": "Authenticate through PAM to a special role.\n\n", "flag": "-p", "arg": "" }, { "name": "-u", "content": "lection. To be used, for instance, for logging out of an admin role without exiting\nyour shell.\n\n", "flag": "-u" }, { "name": "-V", "content": "policy. Can only be used with -C, -E, or -F -L \n\n", "flag": "-V" }, { "name": "-h", "content": "", "flag": "-h" }, { "name": "-v", "content": "", "flag": "-v" } ] }, "REPORTING BUGS": { "content": "Please include as much information as possible(using any available debugging options) and\nsend bug reports for gradm or the grsecurity RBAC system to spender@grsecurity.net.\n\n", "subsections": [] }, "AUTHOR": { "content": "grsecurity and gradm were created and are maintained by Brad Spengler \n\n\n\nGRADM(8)", "subsections": [] } }, "summary": "gradm - Administration program for the grsecurity RBAC system", "flags": [ { "flag": "-E", "long": null, "arg": null, "description": "" }, { "flag": "-R", "long": null, "arg": null, "description": "" }, { "flag": "-C", "long": null, "arg": null, "description": "formed when enabling." }, { "flag": "-F", "long": null, "arg": null, "description": "learning mode. If used with -L and -O, it parses the full learning logs and generates a complete ruleset." }, { "flag": "-M", "long": null, "arg": "", "description": "Remove an execution ban on a given uid or filename that has been put in place by the RESCRASH resource restriction of the RBAC system." }, { "flag": "-L", "long": null, "arg": "", "description": "Parses the learning logs. Accepts an argument which specifies the logfile to scan for the learning logs. If \"-\" is specified as the logfile, stdin will be used as the learning log. This option can be used with -E, -O, or -F." }, { "flag": "-O", "long": null, "arg": "", "description": "Specifies output mode. Requires a single argument that can be \"stdout\", \"stderr\", or a regular file. Only used with -L or -F." }, { "flag": "-D", "long": null, "arg": null, "description": "" }, { "flag": "-P", "long": null, "arg": null, "description": "Without an argument, it sets the password for administering the RBAC system. With a role name as an argument, it sets the password for that given special role." }, { "flag": "-a", "long": null, "arg": "", "description": "Authenticate to a special role that requires a password." }, { "flag": "-n", "long": null, "arg": "", "description": "Authenticate to a special role that does not require a password." }, { "flag": "-p", "long": null, "arg": "", "description": "Authenticate through PAM to a special role." }, { "flag": "-u", "long": null, "arg": null, "description": "lection. To be used, for instance, for logging out of an admin role without exiting your shell." }, { "flag": "-V", "long": null, "arg": null, "description": "policy. Can only be used with -C, -E, or -F -L " }, { "flag": "-h", "long": null, "arg": null, "description": "" }, { "flag": "-v", "long": null, "arg": null, "description": "" } ], "examples": [], "see_also": [] }