Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX System Administrator's Guide: Security Management: HP-UX 11i Version 3 > Chapter 8 Fine-Grained Privileges

Configuring Applications with Fine-Grained Privileges


Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

Applications that are written or modified to support fine-grained privileges are called privilege-aware applications. You must register privilege-aware applications using the setfilexsec command. Once registered, the security attributes associated with a binary file are stored in a configuration file and maintain persistence across reboot. This is normally done for you when you install and configure privilege-aware applications using the SD-UX utilities.

Older HP-UX applications, or legacy applications, are not privilege-aware. You can configure legacy applications that run with UID=0 to run with fine-grained privileges. To configure legacy applications using HP-UX RBAC, see Section .

TIP: HP recommends you use HP-UX RBAC to configure applications that require variable privileges to run.

To configure security attributes for a privilege-aware application, use the setfilexsec command as follows:

# setfilexsec [options] filename

The setfilexsec command is meant to assign privileges to binaries on a local file system. Binaries that are obtained from a network file systems (NFS) should not be assigned privileges because if the file is modified by a different system (directly on the NFS server), the extended attributes set by setfilexsec are not removed.

The options for setfilexsec are as follows:


Deletes any security information for this file from the configuration file and the kernel.


Deletes any security information for this file from the configuration file only. Used to clear security information for a deleted file.


Add or change minimum retained privileges.


Add or change maximum retained privileges.


Add or change minimum permitted privileges.


Add or change maximum permitted privileges.


Sets the security attribute flags.

The getfilexsec command displays the extended attributes of a binary file, set with the setfilexsec command.

# getfilexsec filename

Privilege Model

Each process has three privilege sets associated with it:

  • Permitted Privilege Set

    The maximum set of privileges a process can raise. The process can drop any privilege from this set, but cannot add any privileges to this set. Privileges from this set can be added to the effective privilege set of the process.

  • Effective Privilege Set

    The set of currently active privileges for a process. A privilege-aware process can modify effective privilege set to keep only the necessary privileges in this set at any given time. The process can remove any privilege from the effective privilege set, but can only add privileges from the permitted privilege set.

    The effective privilege set is always a subset of the permitted privilege set.

  • Retained Privilege Set

    The set of privileges retained when a process calls the execve() system call. The process can remove any privilege from this set, but cannot add privileges to this set.

    The retained privilege set is always a subset of the permitted privileges set.

The first process, init, starts with a small set of privileges. It then creates other processes that execute other binaries using exec family calls (execv, execve, and so on). During this exec call, the extended attributes of the binary, the attributes set with setfilexsec command, may cause these processes to gain privileges that their parent process do not have, or lose the privileges that the parent process had. For instance, if a binary has a permitted minimum of DACREAD (setfilexsec –p DACREAD has been performed on the binary), the new process will have the DACREAD privilege whether or not the parent process had that privilege. On the other hand, if process already has the DACREAD privilege, but if the binary it executes does not have this privilege in permitted max (for example, setfilexsec -P none …. has been performed on the file already), it would lose the privilege as a side-effect of executing the binary.

Compound Privileges

Compound privileges are a shorthand way of specifying a predefined set of simple privileges.

The following are compound privileges:


    Basic privileges available to all processes by default. Processes may drop one or more privileges from this set.


    Basic and privileges and privileges that provide powers usually associated with UID=0.


    Policy override privileges and policy configuration privileges. Policy override privileges override compartment rules. Policy configuration privileges control how privileges are configured.

For a complete list of the privileges in each of the compound privileges, see privileges(5).

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2008 Hewlett-Packard Development Company, L.P.