HP-UX Reference (11i v3 07/02) - 4 File Formats (vol 8)
privgrp(4) privgrp(4)
NAME
privgrp() - format of privileged values
SYNOPSIS
#include <sys/privgrp.h>
DESCRIPTION
setprivgrp() sets a mask of privileges, and getprivgrp(2) returns an array of structures giving
privileged group assignments on a per-group-ID basis (see getprivgrp(2)). setprivgrp() associates a
kernel capability with a group ID. This allows subletting of superuser-like privileges to members of a
particular group or groups. The constants and structures needed for these system calls are defined in
<sys/privgrp.h>.
Privileges are as follows:
PRIV_RTPRIO      Allows access to the rtprio() system call (see rtprio(2)).
PRIV_MLOCK       Allows access to the plock() system call (see plock(2)).
PRIV_CHOWN       Allows access to the chown() system calls (see chown(2)).
PRIV_LOCKRDONLY  Permits the use of the lockf() system call for setting locks on files open
                 for reading only (see lockf(2)).
PRIV_SETRUGID    Permits the use of the setuid() and setgid() system calls for
                 changing respectively the real user ID and real group ID of a process (see
                 setuid(2)).
PRIV_MPCTL       Permits the use of the mpctl() system call for changing processor binding,
                 locality domain binding or launch policy of a process (see mpctl(2)).
PRIV_RTSCHED     Allows access to the sched_setparam() and sched_setscheduler() system calls
                 to set POSIX.4 realtime priorities (see rtsched(2)).
PRIV_SERIALIZE   Permits the use of serialize() for forcing the target process to run
                 serially with other processes that are also marked by this system call (see
                 serialize(2)).
PRIV_SPUCTL      Permits certain administrative operations in the Instant Capacity (iCAP)
                 product for deactivation and reactivation of processors. See that product’s
                 documentation for more information.
PRIV_FSSTHREAD   Permits certain administrative operations in Process Resource Manager
                 (PRM) product. See that product’s documentation for more information.
PRIV_PSET        Allows change to the system pset configuration (see pset_create(2)).
Privileges are described in a multiword mask. The value of the #define for each privilege is interpreted
as a bit index (counting from 1). Thus a group ID can have several different privileges associated with it by
having different bits ORed into the mask.
The system is configured with a specified maximum number of groups with special privileges.
PRIV_MAXGRPS defines this maximum. Of this maximum, one is reserved for global privileges (granted
to all processes) and the remainder can be assigned to actual group IDs.
PRIV_MASKSIZ defines the size of the multiword mask used in defining privileges associated with a
group ID.
Privileges are returned to the user from the getprivgrp() system call in an array of structures of type
struct privgrp_map. The structure associates a multiword mask with a group ID. The privgrp_map
structure contains the fields:
     gid_t    priv_groupno
     uint32_t priv_mask[PRIV_MASKSIZ]
where priv_groupno contains the group ID (see setprivgrp(2)), and priv_mask contains the privilege mask
associated with priv_groupno.
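
The 1-based bit-index encoding and the privgrp_map structure described above, as an added example that is not HP's code: a stand-alone C model that sets and tests privileges in a multiword mask and audits a privgrp_map array for chosen privileges. The numeric PRIV_* values, the PRIV_MASKSIZ value, the word/bit layout (index i in word (i-1)/32, bit (i-1)%32) and the helper names priv_valid, priv_set, priv_test and audit_privgrps are assumptions; on HP-UX the constants come from <sys/privgrp.h>.

```c
/* Added example: model of the privgrp(4) mask layout. On HP-UX include
 * <sys/privgrp.h>; the numeric values below are constructed placeholders. */
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

#define PRIV_MASKSIZ  2   /* placeholder: mask size in 32-bit words */
#define PRIV_CHOWN    3   /* placeholder bit index */
#define PRIV_SETRUGID 5   /* placeholder bit index */

struct privgrp_map {                 /* fields as listed in privgrp(4) */
    gid_t    priv_groupno;
    uint32_t priv_mask[PRIV_MASKSIZ];
};

/* Assumed layout: 1-based index i is word (i-1)/32, bit (i-1)%32. */
static int priv_valid(unsigned i) { return i >= 1 && i <= 32u * PRIV_MASKSIZ; }

int priv_set(uint32_t *mask, unsigned i) {
    if (!priv_valid(i)) return -1;   /* index 0 or beyond the mask */
    mask[(i - 1) / 32] |= UINT32_C(1) << ((i - 1) % 32);
    return 0;
}

int priv_test(const uint32_t *mask, unsigned i) {
    return priv_valid(i) && ((mask[(i - 1) / 32] >> ((i - 1) % 32)) & 1u);
}

/* Count (and print) each group/privilege pair where a watched index is set. */
int audit_privgrps(const struct privgrp_map *map, int nmap, const unsigned *watch, int n) {
    int hits = 0;
    for (int g = 0; g < nmap; g++)
        for (int w = 0; w < n; w++)
            if (priv_test(map[g].priv_mask, watch[w])) {
                printf("gid %ld holds privilege index %u\n", (long)map[g].priv_groupno, watch[w]);
                hits++;
            }
    return hits;
}

int main(void) {
    /* Constructed sample data, not output from a real system. */
    struct privgrp_map map[2] = { { 100, {0} }, { 200, {0} } };
    const unsigned watch[] = { PRIV_CHOWN, PRIV_SETRUGID };
    priv_set(map[0].priv_mask, PRIV_CHOWN);
    priv_set(map[1].priv_mask, 33);  /* lands in the second mask word */
    return audit_privgrps(map, 2, watch, 2) == 1 ? 0 : 1;
}
```

Rejecting index 0 matters because the indices count from 1: an unchecked (i - 1) would wrap and write outside the mask.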
HP-UX 11i Version 3: February 2007          Hewlett-Packard Company