|
|
HP-UX Reference > Pprivgrp(4)HP-UX 11i Version 2: December 2007 Update |
|
NAMEprivgrp — format of privileged values DESCRIPTIONsetprivgrp() sets a mask of privileges, and getprivgrp(2) returns an array of structures giving privileged group assignments on a per-group-ID basis (see getprivgrp(2)). setprivgrp() associates a kernel capability with a group ID. This allows subletting of superuser-like privileges to members of a particular group or groups. The constants and structures needed for these system calls are defined in <sys/privgrp.h>. Privileges are as follows:
Privileges are described in a multi-word mask. The value of the #define for each privilege is interpreted as a bit index (counting from 1). Thus a group-id can have several different privileges associated with it by having different bits ORed into the mask. The system is configured with a specified maximum number of groups with special privileges. PRIV_MAXGRPS defines this maximum. Of this maximum, one is reserved for global privileges (granted to all processes) and the remainder can be assigned to actual group-ids. PRIV_MASKSIZ defines the size of the multi-word mask used in defining privileges associated with a group-ID. Privileges are returned to the user from the getprivgrp() system call in an array of structures of type struct privgrp_map. The structure associates a multi-word mask with a group-ID. The privgrp_map structure contains the fields: gid_t priv_groupno uint32_t priv_mask[PRIV_MASKSIZ] Where priv_groupno contains the group id (see setprivgrp(2)), and priv_mask contains the privilege mask associated with priv_groupno. SEE ALSOgetprivgrp(1), setprivgrp(1M), chown(2), getprivgrp(2), lockf(2), plock(2), rtprio(2), rtsched(2), serialize(2), setgid(2), setuid(2), shmctl(2), mpctl(2), pset_create(2). |
|