privgrp.4 (2010 09)
privgrp(4) privgrp(4)
NAME
privgrp() - format of privileged values
SYNOPSIS
#include <sys/privgrp.h>
DESCRIPTION
setprivgrp() sets a mask of privileges, and getprivgrp(2) returns an array of structures giving
privileged group assignments on a per-group-ID basis (see getprivgrp(2)). setprivgrp() associates a
kernel capability with a group ID. This allows subletting of superuser-like privileges to members of a
particular group or groups. The constants and structures needed for these system calls are defined in
<sys/privgrp.h>.
Privileges are as follows:
PRIV_RTPRIO      Allows access to the rtprio() system call (see rtprio(2)).
PRIV_MLOCK       Allows access to the plock() system call (see plock(2)).
PRIV_CHOWN       Allows access to the chown() system calls (see chown(2)).
PRIV_LOCKRDONLY  Permits the use of the lockf() system call for setting locks on
                 files open for reading only (see lockf(2)).
PRIV_SETRUGID    Permits the use of the setuid() and setgid() system calls for
                 changing respectively the real user ID and real group ID of a
                 process (see setuid(2)).
PRIV_MPCTL       Permits the use of the mpctl() system call for changing processor
                 binding, locality domain binding or launch policy of a process
                 (see mpctl(2)).
PRIV_RTSCHED     Allows access to the sched_setparam() and sched_setscheduler()
                 system calls to set POSIX.4 realtime priorities (see rtsched(2)).
PRIV_SERIALIZE   Permits the use of serialize() for forcing the target process to
                 run serially with other processes that are also marked by this
                 system call (see serialize(2)).
PRIV_SPUCTL      Permits certain administrative operations in the Instant Capacity
                 (iCAP) product for deactivation and reactivation of processors.
                 See that product’s documentation for more information.
PRIV_FSSTHREAD   Permits certain administrative operations in the Process Resource
                 Manager (PRM) product. See that product’s documentation for more
                 information.
PRIV_PSET        Allows change to the system pset configuration (see
                 pset_create(2)).
Privileges are described in a multiword mask. The value of the #define for each privilege is
interpreted as a bit index (counting from 1). Thus a group ID can have several different privileges
associated with it by having different bits ORed into the mask.
The system is configured with a specified maximum number of groups with special privileges.
PRIV_MAXGRPS defines this maximum. Of this maximum, one is reserved for global privileges (granted
to all processes) and the remainder can be assigned to actual group IDs.
PRIV_MASKSIZ defines the size of the multiword mask used in defining privileges associated with a
group ID.
Privileges are returned to the user from the getprivgrp() system call in an array of structures of
type struct privgrp_map. The structure associates a multiword mask with a group ID. The
privgrp_map structure contains the fields:
    gid_t priv_groupno
    uint32_t priv_mask[PRIV_MASKSIZ]
where priv_groupno contains the group ID (see setprivgrp(2)), and priv_mask contains the privilege
mask associated with priv_groupno.
HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1