HP-UX Reference (11i v2 04/09) - 4 File Formats (vol 8)
privgrp(4) privgrp(4)
NAME
privgrp - format of privileged values
SYNOPSIS
#include <sys/privgrp.h>
DESCRIPTION
setprivgrp() sets a mask of privileges, and getprivgrp() returns an array of structures giving
privileged group assignments on a per-group-ID basis (see getprivgrp(2)). setprivgrp() associates a
kernel capability with a group ID. This allows subletting of superuser-like privileges to members of a
particular group or groups. The constants and structures needed for these system calls are defined in
<sys/privgrp.h>.
Privileges are as follows:
PRIV_RTPRIO       Allows access to the rtprio() system call (see rtprio(2)).
PRIV_MLOCK        Allows access to the plock() system call (see plock(2)).
PRIV_CHOWN        Allows access to the chown() system calls (see chown(2)).
PRIV_LOCKRDONLY   Permits the use of the lockf() system call for setting locks on files
                  open for reading only (see lockf(2)).
PRIV_SETRUGID     Permits the use of the setuid() and setgid() system calls for
                  changing respectively the real user ID and real group ID of a process
                  (see setuid(2)).
PRIV_MPCTL        Permits the use of the mpctl() system call for changing processor
                  binding, locality domain binding or launch policy of a process
                  (see mpctl(2)).
PRIV_RTSCHED      Allows access to the sched_setparam() and sched_setscheduler() system
                  calls to set POSIX.4 real-time priorities (see rtsched(2)).
PRIV_SERIALIZE    Permits the use of serialize() for forcing the target process to run
                  serially with other processes that are also marked by this system call
                  (see serialize(2)).
PRIV_SPUCTL       Permits certain administrative operations in the Instant Capacity On
                  Demand (iCOD) product for deactivation and reactivation of processors.
                  See that product's documentation for more information.
PRIV_FSSTHREAD    Permits certain administrative operations in the Process Resource
                  Manager (PRM) product. See that product's documentation for more
                  information.
PRIV_PSET         Allows change to the system pset configuration (see pset_create(2)).
Privileges are described in a multi-word mask. The value of the #define for each privilege is
interpreted as a bit index (counting from 1). Thus a group-id can have several different privileges
associated with it by having different bits ORed into the mask.
The system is configured with a specified maximum number of groups with special privileges.
PRIV_MAXGRPS defines this maximum. Of this maximum, one is reserved for global privileges (granted
to all processes) and the remainder can be assigned to actual group-ids.
PRIV_MASKSIZ defines the size of the multi-word mask used in defining privileges associated with a
group-ID.
Privileges are returned to the user from the getprivgrp() system call in an array of structures of
type struct privgrp_map. The structure associates a multi-word mask with a group-ID. The
privgrp_map structure contains the fields:
    gid_t priv_groupno
    uint32_t priv_mask[PRIV_MASKSIZ]
Where priv_groupno contains the group id (see setprivgrp(2)), and priv_mask contains the privilege
mask associated with priv_groupno.
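
The 1-based bit index and the privgrp_map array described above, as an added example for auditing which groups hold a given privilege; it is not code from HP-UX or this manual page. It assumes that index i maps to bit (i-1) mod 32 of word (i-1)/32; the PRIV_* numbers, PRIV_MASKSIZ value, int group ID and sample array are constructed placeholders so the file builds without <sys/privgrp.h>, and the helper functions priv_set, priv_test and groups_with_priv are hypothetical names.

```c
/* Added example. Stand-ins so it builds off HP-UX; on HP-UX use
 * <sys/privgrp.h>. All numeric values here are constructed placeholders. */
#include <stdint.h>
#include <stdio.h>

#define PRIV_MASKSIZ  2   /* placeholder size */
#define PRIV_CHOWN    3   /* placeholder bit index */
#define PRIV_SETRUGID 5   /* placeholder bit index */

struct privgrp_map {                 /* fields as listed on the page */
    int      priv_groupno;           /* gid_t on HP-UX */
    uint32_t priv_mask[PRIV_MASKSIZ];
};

/* Assumed layout: index i (counting from 1) is bit (i-1)%32 of word (i-1)/32. */
static int priv_valid(int idx) { return idx >= 1 && idx <= PRIV_MASKSIZ * 32; }

int priv_set(uint32_t *mask, int idx) {
    if (!priv_valid(idx)) return -1;          /* index 0 is not a privilege */
    mask[(idx - 1) / 32] |= (uint32_t)1 << ((idx - 1) % 32);
    return 0;
}

int priv_test(const uint32_t *mask, int idx) {
    if (!priv_valid(idx)) return 0;
    return (int)((mask[(idx - 1) / 32] >> ((idx - 1) % 32)) & 1u);
}

/* Audit helper: store up to max group IDs whose mask grants idx; return count found. */
int groups_with_priv(const struct privgrp_map *map, int n, int idx, int *out, int max) {
    int found = 0;
    for (int i = 0; i < n; i++)
        if (priv_test(map[i].priv_mask, idx)) {
            if (found < max) out[found] = map[i].priv_groupno;
            found++;
        }
    return found;
}

/* Constructed sample standing in for an array filled by getprivgrp(). */
const struct privgrp_map sample_map[3] = {
    { 20,  { 0x00000014u, 0 } },   /* indices 3 and 5 */
    { 100, { 0x00000001u, 0 } },   /* index 1 */
    { 200, { 0x80000000u, 1 } },   /* indices 32 and 33 */
};

int main(void) {
    int gids[3];
    int n = groups_with_priv(sample_map, 3, PRIV_SETRUGID, gids, 3);
    for (int i = 0; i < n; i++) printf("gid %d holds PRIV_SETRUGID\n", gids[i]);
    return 0;
}
```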
HP-UX 11i Version 2: September 2004 − 1 − Hewlett-Packard Company Section 4−−261