privileges.5 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

privileges(5) privileges(5)

NAME

privileges - description of HP-UX privileges

DESCRIPTION

The UNIX operating system has traditionally used an "all or nothing" privilege model, where root users

(those with effective

UID 0

, such as the user named root) have virtually unlimited power, and other

users have few or no special privileges.

System administrators often need to delegate limited powers to other users. HP-UX provides several

ways to do this. Because these mechanisms permit users other than root users to perform certain

privileged operations, HP-UX documentation often uses terms such as "privileged user" or "user who has

appropriate privileges" instead of "root user" when describing who is permitted to perform an operation.

In the absence of a more speciﬁc description of the privileges necessary to perform an operation (typically

available in the man page for that operation), you can generally assume that root users are suitably

privileged.

Legacy Delegation Methods

HP-UX has used several methods of delegating limited powers, including restricted

sam, the privilege

groups described in privgrp (5), the

shutdown.allow

ﬁle described in shutdown (1M), and the

cron.allow ﬁle described in crontab (1).

Fine-Grained Privileges

The HP-UX ﬁne-grained privilege model splits the powers of root users into a set of privileges. Each

privilege grants a process that possesses that privilege the right to a certain set of restricted services pro-

vided by the kernel. Privileges can be managed internally by a process with "privilege bracketing".

Privilege bracketing is the practice of enabling, or "raising", a privilege only while the privilege is needed,

then disabling, or "lowering", the privilege. The privileges that a process has raised determine which sen-

sitive system call services the process can invoke.

Legacy Privileges

Legacy privileges are those privileges originally deﬁned in privgrp (5). All of the privileges from that set

except

PRIV_SETRUGID have been incorporated into ﬁne-grained privileges:

PRIV_CHOWN PRIV_FSSTHREAD PRIV_LOCKRDONLY PRIV_MLOCK

PRIV_MPCTL PRIV_PSET PRIV_RTPRIO PRIV_RTSCHED

PRIV_SERIALIZE PRIV_SPUCTL

Basic Privileges

Basic privileges are granted by default to all processes. The basic privileges are the set of the following:

PRIV_EXEC PRIV_FORK PRIV_LINKANY PRIV_SESSION

Root Replacement Privileges

Root replacement privileges are the privileges that provide the powers associated with a process that has

an effective user ID of zero. The root replacement privileges are the following:

PRIV_ACCOUNTING PRIV_AUDCONTROL PRIV_CHOWN PRIV_CHROOT

PRIV_CHSUBJIDENT PRIV_DACREAD PRIV_DACWRITE PRIV_DEVOPS

PRIV_DLKM PRIV_FSINTEGRITY PRIV_FSS PRIV_FSSTHREAD

PRIV_LIMIT PRIV_LOCKRDONLY PRIV_MKNOD PRIV_MLOCK

PRIV_MOUNT PRIV_MPCTL PRIV_NETADMIN PRIV_NETPRIVPORT

PRIV_NETPROMISCUOUS PRIV_NETRAWACCESS PRIV_OBJSUID PRIV_OWNER

PRIV_PSET PRIV_REBOOT PRIV_RTPRIO PRIV_RTSCHED

PRIV_RTPSET PRIV_SELFAUDIT PRIV_SERIALIZE PRIV_SPUCTL

PRIV_SYSATTR PRIV_SYSNFS

These privileges are granted by default to any process with an effective user ID of zero.

Policy Override Privileges

Policy override privileges override compartment rules. There are four policy override privileges:

PRIV_CHANGECMPT PRIV_CMPTREAD PRIV_CMPTWRITE PRIV_COMMALLOWED.

These privileges are not granted by default to processes with an effective user ID of zero. These

privileges only apply to compartments feature (see compartments (5) and cmpt_tune (1M) to determine if

this feature is enabled). These privileges comprise part of the set of privileges in the compound privilege

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (12 pages)

PAGE 1
privileges(5) privileges(5) NAME privileges - description of HP-UX privileges DESCRIPTION The UNIX operating system has traditionally used an "all or nothing" privilege model, where root users (those with effective UID 0, such as the user named root) have virtually unlimited power, and other users have few or no special privileges. System administrators often need to delegate limited powers to other users. HP-UX provides several ways to do this.
PAGE 2
privileges(5) privileges(5) POLICY. Policy Configuration Privileges Policy configuration privileges control how privileges are configured. There are two such privileges, PRIV_CHANGEFILEXSEC and PRIV_RULESCONFIG. These privileges are not granted by default to processes with an effective user ID of zero. These privileges comprise part of the set of privileges in the compound privilege POLICY.
PAGE 3
privileges(5) privileges(5) PRIV_DACWRITE (DACWRITE) Allows the process to override all discretionary write access restrictions. See Discretionary Restrictions for more information. PRIV_DEVOPS (DEVOPS) Allows the process to do device specific administrative operations, such as tape or disk formatting.
PAGE 4
privileges(5) privileges(5) sgid bits, provided that the process is allowed to change the ownership of the file. PRIV_OWNER (OWNER) Allows a process to override all restrictions with respect to UID matching the owner of the file or resource. See Discretionary Restrictions for more information. PRIV_PSET (PSET) Allows change to the system pset configuration (see pset_create (2)). PRIV_REBOOT (REBOOT) Allows a process to perform reboot operations.
PAGE 5
privileges(5) privileges(5) Depending on what kind of restricted tasks an application performs, the application can raise the corresponding privilege needed before doing the task and then lower the privilege after completing the task. This practice is called privilege bracketing . It is recommended that a process run with the smallest possible privilege set at any given time. Associating Privileges with Processes Each process has three privilege sets associated with it.
PAGE 6
privileges(5) privileges(5) The subsections also include other functions and areas of interest. These tables list the privileges that may be required where the individual man pages specifies "appropriate privileges" to perform certain operations or to operate in certain conditions. Several system calls are accessible by privileged and unprivileged applications.
PAGE 7
privileges(5) privileges(5) cmpt_get_ifcid() PRIV_RULESCONFIG priv_get() PRIV_COMMALLOWED privset_get() PRIV_COMMALLOWED Privileges for System Calls The following table lists system calls and the privileges they may need. Some of these are dependent on what system object they are acting on (for example, files in another compartment), the state of the system (for example, if the maximum number of open files has been reached), or other conditions.
PAGE 8
privileges(5) A pA 8 privileges(5) getaudid() PRIV_SELFAUDIT getaudproc() PRIV_SELFAUDIT getevent() PRIV_AUDCONTROL getfh() PRIV_SYSNFS getpgrp2() PRIV_COMMALLOWED getpriority() PRIV_COMMALLOWED getprivgrp() PRIV_SYSATTR getsid() PRIV_COMMALLOWED ioctl() PRIV_FSINTEGRITY, PRIV_SYSATTR , PRIV_DEVOPS , PRIV_NETADMIN , PRIV_NETPROMISCUOUS, PRIV_NETRAWACCESS and more. Generally the privileges required for an ioctl depend on the driver and type of ioctl.
PAGE 9
privileges(5) privileges(5) pipe() PRIV_LIMIT plock() PRIV_MLOCK pset_assign() PRIV_PSET , PRIV_RTPSET pset_bind() PRIV_PSET , PRIV_RTPSET pset_create() PRIV_PSET , PRIV_RTPSET pset_ctl() PRIV_PSET , PRIV_RTPSET pset_destroy() PRIV_PSET , PRIV_RTPSET pset_getattr() PRIV_PSET , PRIV_RTPSET pset_setattr() PRIV_PSET , PRIV_RTPSET pstat() PRIV_COMMALLOWED, [PRIV_OWNER ]; see Privileges for the pstat System Call for more information.
PAGE 10
privileges(5) A pA 10 privileges(5) setpgrp() PRIV_SESSION setpgrp2() PRIV_COMMALLOWED setpriority() PRIV_COMMALLOWED, PRIV_LIMIT , PRIV_OWNER setprivgrp() PRIV_SYSATTR setregid() PRIV_CHSUBJIDENT setresgid() PRIV_CHSUBJIDENT setresuid() PRIV_CHSUBJIDENT setrlimit() PRIV_LIMIT setsid() PRIV_SESSION setsockopt() PRIV_NETBROADCAST; varies depending on the option used.
PAGE 11
privileges(5) privileges(5) WARNINGS Product documentation, as discussed above, describes alternate ways that programs or users can obtain sufficient privileges to perform restricted operations. Network Issues Privileges are not propagated across distributed systems. They are applied only on the local system. For example, a process with PRIV_DACREAD or PRIV_DACWRITE cannot access a file on another system if it is necessary to override discretionary restrictions to do so.
PAGE 12
(Notes) A (Notes) pA 12 Hewlett-Packard Company −1− HP-UX 11i Version 3: September 2010