Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX System Administrator's Guide: Security Management: HP-UX 11i Version 3 > Chapter 8 Fine-Grained Privileges

Troubleshooting Fine-Grained Privileges


Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

If something is not working on the system and you suspect the problem is occurring because of fine-grained privileges, you can check the fine-grained privileges configuration as follows.

Problem 1: Even though fine-grained privileges are assigned to a binary file, processes that use exec() to access the binary are not receiving the assigned fine-grained privileges. Solution: Check for one of the following situations.

  • Is the file in question a script?

    Any fine-grained privileges assigned to shell scripts are ignored.

  • Has the file changed since the fine-grained privileges were assigned?

    When a file is modified, its fine-grained privilege attributes are lost. Run the following command either before or after you modify the file:

    # setfilexsec -d filename

    Next, add the privilege attributes you want assigned to the file.

See setfilexsec(1M) for more information about troubleshooting fine-grained privileges.

Problem 2: A process has privileges it should not have, or does not have privileges it should have. Solution: Use the getprocxsec command to determine what privileges a process has:

# getprocxsec -per pid

This command displays the permitted, effective, and retained privilege sets for the process. For more information, see getprocxsec(1M)

If the process does not have the correct privileges, configure the binary file that created this process with the correct privileges. See “Configuring Applications with Fine-Grained Privileges” for more information.

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2008 Hewlett-Packard Development Company, L.P.