Overview

The UNIX operating system traditionally uses an "all or nothing" privilege model, in which superusers (those with effective UID=0, such as the root user) have virtually unlimited power, and other users have few or no special privileges.

HP-UX provides several legacy methods of delegating limited powers, including restricted smh(1M), the privilege groups described in privgrp(4), the shutdown.allow file described in shutdown(1M), and the cron.allow file described in crontab(1).

These legacy methods can be replaced by the use of fine-grained privileges and the HP-UX RBAC access control framework.

The HP-UX fine-grained privilege model splits the powers of superusers into a set of privileges. Fine-grained privileges are granted to processes. Each privilege grants a process that possesses that privilege the right to a certain set of restricted services provided by the kernel.

See privileges(5) for more information.