Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP-UX Reference > G

getprocxsec(1M)

HP-UX 11i Version 3: February 2007
» 

Technical documentation

» Feedback
Content starts here

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

NAME

getprocxsec — display security attributes of a process

SYNOPSIS

getprocxsec [-c] [-e] [-f] [-p] [-r] [pid]

DESCRIPTION

The getprocxsec command displays security attributes associated with a running process. These attributes include the permitted privilege set, effective privilege set, retained privilege set, euid, and the compartment name. See privileges(5) and compartments(5).

Each process has a permitted privilege set, effective privilege set, and retained privilege set. If the compartmentalization feature is enabled, it also has a compartment. When a process is created, the child process inherits these attributes from the parent. When a process executes a binary, these attributes can be changed. See setfilexsec(1M) and getfilexsec(1M) for information on how these extended attributes can be manipulated at execution time.

For compatibility, the kernel handles processes with effective uid of zero in special ways. If the compartmentalization feature is disabled, these processes are treated as though they have all root replacement privileges. If, on the other hand, the compartmentalization feature is enabled, these processes are treated as though they have all the root replacement privileges except those configured as disallowed privileges for the compartment.

Options

getprocxsec recognizes the following options:

-c

Displays the compartment name of the process. If compartments are not enabled, nothing is reported for this option. If compartments are enabled, all the kernel processes would be reported as running in "RESERVED CMPT" .

-e

Displays the implementation effective privilege set.

-f

Displays the full form of the lists.

-p

Displays the implementation permitted privilege set.

-r

Display the implementation retained privilege set.

If none of the above options are specified, the default is -perc -1.

Operands

getprocxsec recognizes the following operand:

pid

The process ID of the process whose attributes are being displayed. If pid is -1, getprocxsec displays attributes of this process. If pid is -2, it displays attributes of the process' parent. If pid is not specified, it defaults to this process (equivalent to -1).

Security Restrictions

The specified process must be visible to the user invoking this command or the user must have the COMMALLOWED privilege.

RETURN VALUE

getprocxsec returns the following values:

0

Successful completion. The attributes are displayed.

>0

An error occurred. An error can be caused by an invalid option or because the specified process is not visible to the user.

EXAMPLES

Example 1: Display the privilege sets and compartment of the current process:

# getprocxsec

Sample output:

effective= BASIC permitted= BASIC retained= BASIC cmpt= init euid= zero

Example 2: Display the privilege sets and compartment of the parent process:

# getprocxsec -2

Sample output:

effective= BASIC permitted= BASIC retained= BASIC cmpt= init euid= zero

Example 3: Display the full privilege sets and compartment of an arbitrary process:

# getprocxsec -f 801

Sample output:

effective= FORK EXEC SESSION LINKANY permitted= FORK EXEC SESSION LINKANY retained= FORK EXEC SESSION LINKANY cmpt= web euid= non-zero

SEE ALSO

getfilexsec(1M), setfilexsec(1M), compartments(5), privileges(5).



getmemwindow
  		 


getprpw  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1983-2007 Hewlett-Packard Development Company, L.P.