privileges.5 (2011 09)
privileges(5) privileges(5)
Privilege Descriptions
The following list specifies privilege names and their primary purpose.
PRIV_ACCOUNTING (ACCOUNTING)
Allows a process to control the process accounting system (see acct(2)).
PRIV_AUDCONTROL (AUDCONTROL)
Allows a process to start, modify, and stop the auditing system.
PRIV_CHANGECMPT (CHANGECMPT)
Grants a process the ability to change its compartment. (See compartments(5) and
cmpt_tune(1M) to determine if this extended feature is enabled.)
PRIV_CHANGEFILEXSEC (CHANGEFILEXSEC)
Allows a process to grant privileges to binaries.
PRIV_CHOWN (CHOWN)
Allows access to the chown() system calls (see chown(2)).
PRIV_CHROOT (CHROOT)
Allows a process to change its root directory.
PRIV_CHSUBJIDENT (CHSUBJIDENT)
Allows a process to change its UIDs, GIDs, and group lists. Also allows a process to chown a
file and leave the suid or sgid bits set on the file, if present.
PRIV_CMPTREAD (CMPTREAD)
Allows a process to open a file or directory for reading, executing (in the case of a file), or
searching (in the case of a directory), bypassing compartment rules that would otherwise not
permit the operation. (See compartments(5) and cmpt_tune(1M) to determine if this extended
feature is enabled.)
PRIV_CMPTWRITE (CMPTWRITE)
Allows a process to write into a file or directory, bypassing compartment rules that would
otherwise not permit the operation. (See compartments(5) and cmpt_tune(1M) to determine if
this extended feature is enabled.)
PRIV_COMMALLOWED (COMMALLOWED)
Allows a process to override compartment rules in the IPC and networking subsystems. (See
compartments(5) and cmpt_tune(1M) to determine if this extended feature is enabled.)
PRIV_CORESYSATTR (CORESYSATTR)
Enables a process to manage system attributes including the setting of tunables, and modifying
user quotas.
This privilege is valid only when the HP-UX ContainmentPlus product (version B.11.31.02 or
later) is installed on the system.
PRIV_DACREAD (DACREAD)
Allows the process to override all discretionary read, execute, and search access restrictions.
See Discretionary Restrictions for more information.
PRIV_DACWRITE (DACWRITE)
Allows the process to override all discretionary write access restrictions. See Discretionary
Restrictions for more information.
PRIV_DEVOPS (DEVOPS)
Allows the process to do device-specific administrative operations, such as tape or disk
formatting.
If the HP-UX ContainmentPlus product (version B.11.31.02 or later) is installed on the system,
PRIV_DEVOPS becomes a compound privilege, which includes PRIV_RDEVOPS and
PRIV_PTYOPS.
PRIV_DLKM (DLKM)
Allows a process to load a kernel module (see modload(2)), get information about a loaded
kernel module (see modstat(2)), and change the global search path for dynamically loadable
kernel modules (see modpath(2)).
PRIV_EXEC (EXEC)
Allows a process to call the exec() family of calls (see exec(2)).
HP-UX 11i Version 3: September 2011 − 3 − Hewlett-Packard Company 3