getprivgrp(2)

getprivgrp()

The getprivgrp() system call returns a table of the privileged group assignments into a user-supplied structure. grplist points to an array of structures of type privgrp_map, associating a group ID with a privilege mask. Privilege masks are formed by ORing together elements from the access types specified in <sys/privgrp.h>. The array may have gaps in it, distinguished as having a priv_groupno field value of PRIV_NONE. The group number PRIV_GLOBAL gives the global privilege mask. Only information about groups which are in the user's group access list, or about the user's real or effective group ID, is returned to an ordinary user. The complete set is returned to a user with the SYSATTR privilege.

setprivgrp()

The setprivgrp() system call associates a kernel capability with a group ID. This allows subletting of superuser-like privileges to members of a particular group or groups. setprivgrp() takes two arguments: grpid, the integer group ID, and mask, a mask of permissions. The mask is created by treating the access types defined in <sys/privgrp.h> as bit numbers (using 1 for the least significant bit). Thus, privilege number 5 would be represented by the bits 1<<(5-1) or 16. More generally, privilege p is represented by:

where BITS_PER_INT is 8*sizeof(mask[0]) given 8 bits per byte. As it is possible to have more than word-size distinct privileges, mask is a pointer to an integer array of size PRIV_MASKSIZ.

setprivgrp() privileges include those specified in the file <sys/privgrp.h>. A process can access the system call protected by a specific privileged group if it belongs to or has an effective group ID of a group having access to the system call. All processes are considered to belong to the pseudo-group PRIV_GLOBAL.

Specifying a grpid of PRIV_NONE causes privileges to be revoked on all privileged groups that have any of the privileges specified in mask. Specifying a grpid of PRIV_GLOBAL causes privileges to be granted to all processes.

The constant PRIV_MAXGRPS in <sys/privgrp.h> defines the system limit on the number of groups that can be assigned privileges. One of these is always the psuedo-group PRIV_GLOBAL, allowing for PRIV_MAXGRPS - 1 actual groups.

Only processes with the SYSATTR privilege can use setprivgrp().

Security Restrictions

Some or all of the actions associated with this system call require the SYSATTR privilege. Processes owned by the superuser have this privilege. Processes owned by other users may have this privilege, depending on system configuration. See privileges(5) for more information about privileged access on systems that support fine-grained privileges.