privileges.5 (2011 09)

privileges(5) privileges(5)
Compatibility
A process with an effective user ID of zero is, by default, treated as possessing root replacement
privileges. The compartmentalization feature may further restrict this interpretation of effective user ID
such that the process is treated as though it has only a specified subset of root replacement privileges.
For more details, see the description of "Process Limitation Rules" in compartments(4).
More formally, a process is said to observe a privilege if and only if one or more of the following
conditions hold:
  - The privilege is present in its effective privilege set, or
  - The privilege is a root replacement privilege, effective uid of the process is zero, and
    compartmentalization is not enabled, or
  - The privilege is a root replacement privilege, effective uid of the process is zero,
    compartmentalization is enabled, and the privilege is not a disallowed privilege in the
    process’s compartment.
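The three conditions above can be evaluated as set operations. The following is an added example, not
code from the man page or from HP-UX: the types, the M_PRIV_* bit values, the sample processes and the
choice of which privileges count as root replacement are all assumptions of this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not the HP-UX API: one bit per privilege. */
typedef uint32_t privset_t;
enum { M_PRIV_OWNER = 1u << 0, M_PRIV_MOUNT = 1u << 1, M_PRIV_COMMALLOWED = 1u << 2 };

/* Assumption of this model: which bits are root replacement privileges. */
static const privset_t ROOT_REPLACEMENT = M_PRIV_OWNER | M_PRIV_MOUNT;

struct proc_model {
    unsigned  euid;            /* effective user ID */
    privset_t effective;       /* effective privilege set */
    bool      cmpt_enabled;    /* compartmentalization enabled */
    privset_t cmpt_disallowed; /* privileges disallowed in the compartment */
};

/* Constructed sample processes. */
static const struct proc_model ROOT_PLAIN = { 0, 0, false, M_PRIV_MOUNT };
static const struct proc_model ROOT_CMPT  = { 0, 0, true,  M_PRIV_MOUNT };
static const struct proc_model USER_PRIV  = { 1001, M_PRIV_MOUNT, true, M_PRIV_MOUNT };

/* Every privilege the process observes under the three conditions. */
privset_t observed_set(const struct proc_model *p)
{
    privset_t seen = p->effective;             /* condition 1 */
    if (p->euid == 0) {
        privset_t implied = ROOT_REPLACEMENT;  /* condition 2 */
        if (p->cmpt_enabled)
            implied &= ~p->cmpt_disallowed;    /* condition 3 */
        seen |= implied;
    }
    return seen;
}

/* True when every bit in priv is observed by the process. */
bool observes(const struct proc_model *p, privset_t priv)
{
    return (observed_set(p) & priv) == priv;
}

int main(void)
{
    printf("root, no compartments: MOUNT=%d\n", observes(&ROOT_PLAIN, M_PRIV_MOUNT));
    printf("root, MOUNT disallowed: MOUNT=%d\n", observes(&ROOT_CMPT, M_PRIV_MOUNT));
    printf("uid 1001, MOUNT effective: MOUNT=%d\n", observes(&USER_PRIV, M_PRIV_MOUNT));
    return 0;
}
```

In this model, an effective user ID of zero never implies a privilege outside the root replacement set,
and the compartment's disallowed list narrows only what is implied by uid zero, as the definition is worded.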
SYSTEM PRIVILEGE REQUIREMENTS
This section provides tables that list the privileges that may be required where the corresponding man
page specifies "appropriate privileges" to perform certain operations or to operate in certain conditions.
For each system call, the table lists what privileges can potentially affect the system call’s behavior.
The subsections also include other functions and areas of interest. These tables list the privileges that
may be required where the individual man page specifies "appropriate privileges" to perform certain
operations or to operate in certain conditions.
Several system calls are accessible by privileged and unprivileged applications. For example, the
kill() system call (see kill(2)), when used by a process without the PRIV_OWNER privilege, can send a
signal only to processes whose UIDs match the sending process’ own UID.
Some general guidelines apply to working with hardware-related system calls.
  - Many hardware devices need the PRIV_DEVOPS privilege in addition to any privileges needed
    by the specific system calls used.
  - Networking and streams may need the PRIV_NETADMIN, PRIV_NETRAWACCESS, and/or
    PRIV_NETPROMISCUOUS privileges in addition to other privileges, depending on what you are
    attempting to do. For example, the exportfs command requires the PRIV_SYSNFS privilege
    (see exportfs(1M)). The fdetach() and fattach() library calls require the PRIV_MOUNT
    privilege (possibly in addition to other privileges). (See fdetach(3) and fattach(3C).)
Privileges for the pstat System Call
The pstat() system call typically needs the PRIV_COMMALLOWED privilege when operating on
processes outside the calling process’s compartment (see pstat(2)). However, because this system call
works in so many areas, some of the functions of this call may require other privileges. The following is a
list of those functions and the privileges they require:
pstat_getcommandline()              PRIV_COMMALLOWED
pstat_getfile()/pstat_getfile2()    PRIV_COMMALLOWED
pstat_getfiledetails()              PRIV_COMMALLOWED, PRIV_OWNER
pstat_getlwp()                      PRIV_COMMALLOWED
pstat_getmsg()                      PRIV_COMMALLOWED
pstat_getpmq()                      PRIV_COMMALLOWED
pstat_getproc()                     PRIV_COMMALLOWED
pstat_getpsem()                     PRIV_COMMALLOWED
pstat_getsem()                      PRIV_COMMALLOWED
pstat_pathname()                    PRIV_COMMALLOWED, PRIV_OWNER
pstat_proc_locality()               PRIV_COMMALLOWED
pstat_proc_vm()                     PRIV_COMMALLOWED
pstat_procwindow()                  PRIV_COMMALLOWED
HP-UX 11i Version 3: September 2011 Hewlett-Packard Company