privileges.5 (2010 09)

privileges(5) privileges(5)
The subsections also include other functions and areas of interest. These tables list the privileges that
may be required where the individual man pages specify "appropriate privileges" to perform certain
operations or to operate in certain conditions.
Several system calls are accessible by privileged and unprivileged applications. For example, the
kill() system call (see kill(2)), when used by a process without the PRIV_OWNER privilege, can send a
signal only to processes whose UIDs match the sending process’ own UID.
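
The UID-match rule for kill() can be observed without delivering anything by sending signal 0, which runs only the existence and permission checks. The following is an added example, not part of the original man page; the names probe_signal_access() and reaped_child_pid() are hypothetical, and it uses only POSIX calls.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result {
    PROBE_ALLOWED,     /* UIDs match, or the caller holds an overriding privilege */
    PROBE_DENIED,      /* target exists but the ownership check failed (EPERM) */
    PROBE_NO_PROCESS,  /* no process with that PID (ESRCH) */
    PROBE_ERROR        /* invalid argument or unexpected errno */
};

/* Signal 0 performs the permission and existence checks but delivers nothing. */
enum probe_result probe_signal_access(pid_t pid)
{
    if (pid <= 0)
        return PROBE_ERROR;  /* 0 and negative values address process groups */
    if (kill(pid, 0) == 0)
        return PROBE_ALLOWED;
    switch (errno) {
    case EPERM: return PROBE_DENIED;
    case ESRCH: return PROBE_NO_PROCESS;
    default:    return PROBE_ERROR;
    }
}

/* Fork a child that exits at once, reap it, and return its now-unused PID. */
pid_t reaped_child_pid(void)
{
    pid_t child = fork();
    if (child == 0)
        _exit(0);
    if (child < 0 || waitpid(child, NULL, 0) != child)
        return -1;
    return child;
}

int main(void)
{
    static const char *names[] = { "allowed", "denied (EPERM)",
                                   "no such process", "error" };
    printf("self:         %s\n", names[probe_signal_access(getpid())]);
    printf("pid 1:        %s\n", names[probe_signal_access(1)]);
    printf("reaped child: %s\n", names[probe_signal_access(reaped_child_pid())]);
    return 0;
}
```

Run as an ordinary user, the PID 1 probe normally reports "denied (EPERM)"; a result of "allowed" for a process owned by another UID indicates the caller holds a privilege that overrides the ownership check.
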
Some general guidelines apply to working with hardware-related system calls.
Many hardware devices need the PRIV_DEVOPS privilege in addition to any privileges needed
by the specific system calls used.
Networking and streams may need the PRIV_NETADMIN, PRIV_NETRAWACCESS, and/or
PRIV_NETPROMISCUOUS privileges in addition to other privileges, depending on what you are
attempting to do. For example, the exportfs command requires the PRIV_SYSNFS privilege
(see exportfs(1M)). The fdetach() and fattach() library calls require the PRIV_MOUNT
privilege (possibly in addition to other privileges). (See fdetach(3) and fattach(3C).)
Privileges for the pstat System Call
The pstat() system call typically needs the PRIV_COMMALLOWED privilege when operating on
processes outside the calling process’s compartment (see pstat(2)). However, because this system call
works in so many areas, some of the functions of this call may require other privileges. The following is a
list of those functions and the privileges they require:
pstat_getcommandline()            PRIV_COMMALLOWED
pstat_getfile()/pstat_getfile2()  PRIV_COMMALLOWED
pstat_getfiledetails()            PRIV_COMMALLOWED, PRIV_OWNER
pstat_getlwp()                    PRIV_COMMALLOWED
pstat_getmsg()                    PRIV_COMMALLOWED
pstat_getpmq()                    PRIV_COMMALLOWED
pstat_getproc()                   PRIV_COMMALLOWED
pstat_getpsem()                   PRIV_COMMALLOWED
pstat_getsem()                    PRIV_COMMALLOWED
pstat_pathname()                  PRIV_COMMALLOWED, PRIV_OWNER
pstat_proc_locality()             PRIV_COMMALLOWED
pstat_proc_vm()                   PRIV_COMMALLOWED
pstat_procwindow()                PRIV_COMMALLOWED
pstat_shminfo()                   PRIV_COMMALLOWED
pstat_socket()                    PRIV_COMMALLOWED, PRIV_OWNER
pstat_stream()                    PRIV_COMMALLOWED, PRIV_OWNER
Privileges for Security Containment
Some commands related to Security Containment make use of certain privileges that are not used in
other contexts:
setfilexsec                       PRIV_CHANGEFILEXSEC, PRIV_CMPTREAD, PRIV_CMPTWRITE,
                                  PRIV_DACREAD, PRIV_DACWRITE
setrules                          PRIV_RULESCONFIG
Additionally, some library calls related to Security Containment make use of security-specific privileges:
cmpt_change()                     PRIV_CHANGECMPT
cmpt_get()                        PRIV_COMMALLOWED
cmpt_get_addrcid()                PRIV_RULESCONFIG
6 Hewlett-Packard Company 6 HP-UX 11i Version 3: September 2010