HP-UX Reference (11i v2 07/12) - 5 Miscellaneous (vol 9)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

321

322

323

324

325

326

327

328

329

330

privileges(5) privileges(5)

Several system calls are accessible by privileged and unprivileged applications. For example, the

kill()

system call (see kill(2)), when used by a process without the

PRIV_OWNER privilege, can send a signal only

to processes whose UIDs match the sending process’ own UID.

Some general guidelines apply to working with hardware-related system calls.

• Many hardware devices need the

PRIV_DEVOPS

privilege in addition to any privileges needed by

the speciﬁc system calls used.

• Networking and streams may need the

PRIV_NETADMIN, PRIV_NETRAWACCESS

,and/or

PRIV_NETPROMISCUOUS

privileges in addition to other privileges, depending on what you are

attempting to do. For example, the

exportfs command requires the PRIV_SYSNFS privilege

(see exportfs(1M)). The

fdetach() and fattach() library calls require the

PRIV_MOUNT

privilege (possibly in addition to other privileges). (See fdetach(3) and fattach(3C)).

Privileges for the pstat System Call

The

pstat() system call typically needs the

PRIV_COMMALLOWED privilege (see pstat(2)). However,

because this system call works in so many areas, some of the functions of this call may require other

privileges. The following is a list of those functions and the privileges they require:

pstat_getcommandline()

PRIV_COMMALLOWED

pstat_getfile()/pstat_getfile2()

PRIV_COMMALLOWED

pstat_getfiledetails()

PRIV_COMMALLOWED, PRIV_OWNER

pstat_getlwp() PRIV_COMMALLOWED

pstat_getmsg() PRIV_COMMALLOWED

pstat_getpmq() PRIV_COMMALLOWED

pstat_getproc() PRIV_COMMALLOWED

pstat_getpsem() PRIV_COMMALLOWED

pstat_getsem() PRIV_COMMALLOWED

pstat_pathname() PRIV_COMMALLOWED, PRIV_OWNER

pstat_proc_locality()

PRIV_COMMALLOWED

pstat_proc_vm() PRIV_COMMALLOWED

pstat_procwindow()

PRIV_COMMALLOWED

pstat_shminfo() PRIV_COMMALLOWED

pstat_socket() PRIV_COMMALLOWED, PRIV_OWNER

pstat_stream() PRIV_COMMALLOWED, PRIV_OWNER

Privileges for Security Containment

Some commands related to Security Containment make use of certain privileges that are not used in other

contexts:

setfilexsec PRIV_CHANGEFILEXSEC, PRIV_CMPTREAD, PRIV_CMPTWRITE,

PRIV_DACREAD, PRIV_DACWRITE

setrules PRIV_RULESCONFIG

Additionally, some library calls related to Security Containment make use of security speciﬁc privileges:

cmpt_change() PRIV_CHANGECMPT, PRIV_COMMALLOWED

cmpt_get() PRIV_CHANGECMPT, PRIV_COMMALLOWED

privset_get() PRIV_COMMALLOWED

322 Hewlett-Packard Company − 6 − HP-UX 11i Version 2: December 2007 Update