
privgrp(4)

HP-UX 11i Version 2: December 2007 Update

NAME

privgrp — format of privileged values

SYNOPSIS

#include <sys/privgrp.h>

DESCRIPTION

setprivgrp() sets a mask of privileges for a group ID, associating kernel capabilities with that group (see setprivgrp(2)). getprivgrp() returns an array of structures giving privileged group assignments on a per-group-ID basis (see getprivgrp(2)). This allows subletting of superuser-like privileges to members of a particular group or groups. The constants and structures needed for these system calls are defined in <sys/privgrp.h>.

Privileges are as follows:

PRIV_RTPRIO

Allows access to the rtprio() system call (see rtprio(2)).

PRIV_MLOCK

Allows access to the plock() system call (see plock(2)).

PRIV_CHOWN

Allows access to the chown() system calls (see chown(2)).

PRIV_LOCKRDONLY

Permits the use of the lockf() system call for setting locks on files open for reading only (see lockf(2)).

PRIV_SETRUGID

Permits the use of the setuid() and setgid() system calls for changing respectively the real user ID and real group ID of a process (see setuid(2)).

PRIV_MPCTL

Permits the use of the mpctl() system call for changing processor binding, locality domain binding or launch policy of a process (see mpctl(2)).

PRIV_RTSCHED

Allows access to the sched_setparam() and sched_setscheduler() system calls to set POSIX.4 real-time priorities (see rtsched(2)).

PRIV_SERIALIZE

Permits the use of serialize() for forcing the target process to run serially with other processes that are also marked by this system call (see serialize(2)).

PRIV_SPUCTL

Permits certain administrative operations in the Instant Capacity On Demand (iCOD) product for deactivation and reactivation of processors. See that product's documentation for more information.

PRIV_FSSTHREAD

Permits certain administrative operations in the Process Resource Manager (PRM) product. See that product's documentation for more information.

PRIV_PSET

Allows change to the system pset configuration (see pset_create(2)).

Privileges are described in a multi-word mask. The value of the #define for each privilege is interpreted as a bit index (counting from 1). Thus a group-id can have several different privileges associated with it by having different bits ORed into the mask.

The system is configured with a specified maximum number of groups with special privileges. PRIV_MAXGRPS defines this maximum. Of this maximum, one is reserved for global privileges (granted to all processes) and the remainder can be assigned to actual group-ids.

PRIV_MASKSIZ defines the size of the multi-word mask used in defining privileges associated with a group-ID.

Privileges are returned to the user from the getprivgrp() system call in an array of structures of type struct privgrp_map. The structure associates a multi-word mask with a group-ID. The privgrp_map structure contains the fields:

    gid_t     priv_groupno
    uint32_t  priv_mask[PRIV_MASKSIZ]

Where priv_groupno contains the group id (see setprivgrp(2)), and priv_mask contains the privilege mask associated with priv_groupno.
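
The bit-index encoding and the privgrp_map layout described above can be decoded as follows when auditing which groups hold superuser-like privileges. This is an added example, not code from the HP-UX header or manual: the numeric privilege values, the PRIV_MASKSIZ of 2, the word and bit ordering within the mask, and the helper names priv_isset and priv_decode are assumptions made so the code builds without <sys/privgrp.h>.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Stand-ins for <sys/privgrp.h> (HP-UX only). All numeric values here are
 * constructed for this example; on HP-UX use the real header instead. */
#define PRIV_MASKSIZ 2
enum { PRIV_RTPRIO = 1, PRIV_MLOCK, PRIV_CHOWN, PRIV_LOCKRDONLY, PRIV_SETRUGID };
struct privgrp_map { gid_t priv_groupno; uint32_t priv_mask[PRIV_MASKSIZ]; };
static const char *const names[] = { 0, "RTPRIO", "MLOCK", "CHOWN", "LOCKRDONLY", "SETRUGID" };
#define NNAMES ((int)(sizeof names / sizeof names[0]))
#define NBITS (PRIV_MASKSIZ * 32)

/* Assumed layout: privilege index p (counting from 1) is bit (p-1)%32 of
 * word (p-1)/32. Indexes outside the mask are never reported as set. */
int priv_isset(const uint32_t *mask, int p)
{
    if (p < 1 || p > NBITS) return 0;
    return (int)((mask[(p - 1) / 32] >> ((p - 1) % 32)) & 1u);
}

/* List the privileges in one entry as space-separated names; bits without a
 * known name are reported by index so they are not silently dropped.
 * Returns the number of privileges, or -1 if buf is too small. */
int priv_decode(const struct privgrp_map *m, char *buf, size_t n)
{
    int count = 0;
    size_t off = 0;
    if (n) buf[0] = '\0';
    for (int p = 1; p <= NBITS; p++) {
        if (!priv_isset(m->priv_mask, p)) continue;
        int w = p < NNAMES ? snprintf(buf + off, n - off, "%s%s", count ? " " : "", names[p])
                           : snprintf(buf + off, n - off, "%sbit%d", count ? " " : "", p);
        if (w < 0 || (size_t)w >= n - off) return -1;
        off += (size_t)w; count++;
    }
    return count;
}

int main(void)
{
    /* Constructed entry: indexes 3 and 5 in word 0, index 34 in word 1. */
    struct privgrp_map g = { 200, { 0x14, 0x2 } };
    char buf[128];
    if (priv_decode(&g, buf, sizeof buf) >= 0)
        printf("gid %ld: %s\n", (long)g.priv_groupno, buf);
    return 0;
}
```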