Administrator's Guide
Table 7-3 Available Privileges (continued)
Privilege
    Description

PRIV_CHROOT
    Allows a process to change its root directory.

PRIV_CHSUBJIDENT
    Allows a process to change its UIDs, GIDs, and group lists. Also
    allows a process to leave the suid or sgid bits set on the file when
    the chown() system call is used.

PRIV_CMPTREAD
    Allows a process to open a file or directory for reading, executing,
    or searching, bypassing compartment rules that otherwise would
    not permit these operations.

PRIV_CMPTWRITE
    Allows a process to write to a file or directory, bypassing
    compartment rules that otherwise would not permit this operation.

PRIV_COMMALLOWED
    Allows a process to override compartment rules in the IPC and
    networking subsystems.

PRIV_CORESYSATTR
    Enables a process to manage system attributes including the setting
    of tunables and modifying user quotas.
    This privilege is valid only when the HP-UX ContainmentPlus product
    (version B.11.31.02 or later) is installed on the system.

PRIV_DACREAD
    Allows a process to override all discretionary read, execute, and
    search access restrictions.

PRIV_DACWRITE
    Allows a process to override all discretionary write access
    restrictions.

PRIV_DEVOPS
    Allows a process to do device administrative operations that are
    not specific to streams-based or pseudo terminals.
    NOTE: If the HP-UX ContainmentPlus product (version B.11.31.02
    or later) is installed on the system, the PRIV_DEVOPS privilege is
    divided into PRIV_RDEVOPS and PRIV_PTYOPS. See
    “Compatibility Information for Divided Privileges” (page 135).

PRIV_DLKM
    Allows a process to load a kernel module, get information about a
    loaded kernel module, and change global search paths for a
    dynamically loadable kernel module.

PRIV_FSINTEGRITY
    Allows a process to perform disk operations such as removing or
    modifying the size or boundaries of disk partitions, or to import and
    export an LVM volume group across the system.

PRIV_FSMOUNT
    Allows a process to mount and unmount a file system using the
    mount() and umount() system calls.
    This privilege is valid only when the HP-UX ContainmentPlus product
    (version B.11.31.02 or later) is installed on the system.

PRIV_HOSTATTR
    Enables a process to modify the host name and domain name.
    This privilege is valid only when the HP-UX ContainmentPlus product
    (version B.11.31.02 or later) is installed on the system.
7.3 Available Privileges 133