HP-UX Reference (11i v2 07/12) - 1M System Administration Commands N-Z (vol 4)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

341

342

343

344

345

346

347

348

349

350

setprivgrp(1M) setprivgrp(1M)

NAME

setprivgrp - set special privileges for groups

SYNOPSIS

setprivgrp groupname [privileges]

setprivgrp -g [privileges]

setprivgrp -n [privileges]

setprivgrp -f ﬁle

DESCRIPTION

The setprivgrp command associates a group with a list of privileges, thus providing access to certain

system capabilities for members of a particular group or groups. The privileges can be displayed with the

getprivgrp command (see getprivgrp(1)).

Privileges can be granted to individual groups, as deﬁned in the

/etc/group ﬁle, and globally for all

groups.

Only a superuser can use the

setprivgrp command.

Options and Arguments

setprivgrp recognizes the following options and arguments:

privileges One or more of the keywords described below in Privileged Capabilities.

groupname The name of a group deﬁned in the ﬁle named

/etc/group . The current privileges

for groupname, if any, are replaced by the speciﬁed privileges. To retain prior

privileges, they must be respeciﬁed.

-g Specify global privileges that apply to all groups. The current privileges, if any, are

replaced by the speciﬁed privileges, To retain prior privileges, they must be

respeciﬁed.

-n If no privileges are speciﬁed, delete all privileges for all groups, including global

privileges.

If one or more privileges are speciﬁed, delete the speciﬁed privileges from the current

privilege lists of all groups, including the global privilege list, but do not delete

unspeciﬁed privileges.

-f file Set the privileges according to entries in the ﬁle ﬁle. This ﬁle is usually

/etc/privgroup. The entry formats are described below in Group Privileges File

Format.

Privileged Capabilities

The following system capabilities can be granted to groups:

CHOWN Can use chown() to change ﬁle ownerships (see chown(2)).

LOCKRDONLY Can use lockf() to set locks on ﬁles that are open for reading only (see lockf(2)).

MLOCK Can use plock() to lock process text and data into memory, and the shmctl()

SHM_LOCK

function to lock shared memory segments (see plock(2) and shmctl(2)).

RTPRIO Can use rtprio() to set real-time priorities (see rtprio(2)).

RTSCHED Can use sched_setparam() and sched_setscheduler()

to set POSIX.4

real-time priorities (see rtsched(2)).

SERIALIZE Can use serialize() to force the target process to run serially with other

processes that are also marked by this system call (see serialize(2)).

SETRUGID Can use setuid() and setgid() to change, respectively, the real user ID and

real group ID of a process (see setuid(2) and setgid(2)).

FSSTHREAD Allows certain administrative operations in the Process Resource Manager (PRM) pro-

duct. See that product’s documentation for more information.

SPUCTL Allows certain administrative operations in the Instant Capacity On Demand (iCOD)

product. See that product’s documentation for more information.

HP-UX 11i Version 2: December 2007 Update − 1 − Hewlett-Packard Company 343