privgrp(4) privgrp(4)
NAME
privgrp - format of privileged values
SYNOPSIS
#include <sys/privgrp.h>
DESCRIPTION
setprivgrp() sets a mask of privileges, and getprivgrp(2) returns an
array of structures giving privileged group assignments on a
per-group-ID basis (see getprivgrp(2)). setprivgrp() associates a kernel
capability with a group ID. This allows subletting of superuser-like
privileges to members of a particular group or groups. The constants
and structures needed for these system calls are defined in
<sys/privgrp.h>.
Privileges are as follows:
PRIV_RTPRIO         Allows access to the rtprio() system call (see
                    rtprio(2)).
PRIV_MLOCK          Allows access to the plock() system call (see
                    plock(2)).
PRIV_CHOWN          Allows access to the chown() system calls (see
                    chown(2)).
PRIV_LOCKRDONLY     Permits the use of the lockf() system call for
                    setting locks on files open for reading only (see
                    lockf(2)).
PRIV_SETRUGID       Permits the use of the setuid() and setgid() system
                    calls for changing respectively the real user ID
                    and real group ID of a process (see setuid(2)).
PRIV_MPCTL          Permits the use of the mpctl() system call for
                    changing processor binding, locality domain binding
                    or launch policy of a process (see mpctl(2)).
PRIV_RTSCHED        Allows access to the sched_setparam() and
                    sched_setscheduler() system calls to set POSIX.4
                    real-time priorities (see rtsched(2)).
PRIV_SERIALIZE      Permits the use of serialize() for forcing the
                    target process to run serially with other processes
                    that are also marked by this system call (see
                    serialize(2)).
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: August 2003
PRIV_SPUCTL         Permits certain administrative operations in the
                    Instant Capacity On Demand (iCOD) product for
                    deactivation and reactivation of processors. See
                    that product's documentation for more information.
PRIV_FSSTHREAD      Permits certain administrative operations in the
                    Process Resource Manager (PRM) product. See that
                    product's documentation for more information.
PRIV_PSET           Allows change to the system pset configuration (see
                    pset_create(2)).
Privileges are described in a multi-word mask. The value of the
#define for each privilege is interpreted as a bit index (counting
from 1). Thus a group-id can have several different privileges
associated with it by having different bits ORed into the mask.
The system is configured with a specified maximum number of groups
with special privileges. PRIV_MAXGRPS defines this maximum. Of this
maximum, one is reserved for global privileges (granted to all
processes) and the remainder can be assigned to actual group-ids.
PRIV_MASKSIZ defines the size of the multi-word mask used in defining
privileges associated with a group-ID.
Privileges are returned to the user from the getprivgrp() system call
in an array of structures of type struct privgrp_map. The structure
associates a multi-word mask with a group-ID. The privgrp_map
structure contains the fields:
gid_t priv_groupno
uint32_t priv_mask[PRIV_MASKSIZ]
Where priv_groupno contains the group id (see setprivgrp(2)), and
priv_mask contains the privilege mask associated with priv_groupno.
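The following is an added example, not code from HP-UX or from <sys/privgrp.h>. It shows how a 1-based privilege index maps into a multi-word mask and how an array of privgrp_map entries can be audited for groups holding sensitive privileges. The numeric constants, the int type for priv_groupno, and the word/bit layout (index n is bit (n-1)%32 of word (n-1)/32) are assumptions; priv_add(), priv_has() and audit() are hypothetical helpers.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for <sys/privgrp.h>; every value here is an assumed placeholder. */
#define PRIV_MASKSIZ   2
#define PRIV_CHOWN     3
#define PRIV_SETRUGID  5
#define PRIV_PSET      34   /* chosen > 32 to exercise the second mask word */

struct privgrp_map {
    int      priv_groupno;                 /* gid_t on HP-UX */
    uint32_t priv_mask[PRIV_MASKSIZ];
};

/* Assumed layout: index n (counting from 1) is bit (n-1)%32 of word (n-1)/32. */
static int priv_valid(int n) { return n >= 1 && n <= 32 * PRIV_MASKSIZ; }

void priv_add(uint32_t *mask, int n)
{
    if (priv_valid(n))
        mask[(n - 1) / 32] |= UINT32_C(1) << ((n - 1) % 32);
}

int priv_has(const uint32_t *mask, int n)
{
    return priv_valid(n) && ((mask[(n - 1) / 32] >> ((n - 1) % 32)) & 1u);
}

/* Count entries whose mask grants any privilege in watch[]; print each hit. */
int audit(const struct privgrp_map *map, int nmap, const int *watch, int nwatch)
{
    int hits = 0;
    for (int i = 0; i < nmap; i++) {
        int flagged = 0;
        for (int j = 0; j < nwatch; j++)
            if (priv_has(map[i].priv_mask, watch[j])) {
                printf("gid %d holds privilege index %d\n",
                       map[i].priv_groupno, watch[j]);
                flagged = 1;
            }
        hits += flagged;
    }
    return hits;
}

int main(void)
{
    struct privgrp_map map[2] = { { 200, {0} }, { 300, {0} } }; /* constructed */
    const int watch[] = { PRIV_CHOWN, PRIV_SETRUGID };
    priv_add(map[0].priv_mask, PRIV_CHOWN);
    priv_add(map[1].priv_mask, PRIV_PSET);
    return audit(map, 2, watch, 2) == 1 ? 0 : 1;
}
```

On a real system the array would come from getprivgrp(2) and the constants from <sys/privgrp.h>; the index arithmetic should be checked against that header before relying on it.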
SEE ALSO
getprivgrp(1), setprivgrp(1M), chown(2), getprivgrp(2), lockf(2),
plock(2), rtprio(2), rtsched(2), serialize(2), setgid(2), setuid(2),
shmctl(2), mpctl(2), pset_create(2).