NAME
privgrp() — format of privileged values
DESCRIPTION
setprivgrp() sets a mask of privileges, and getprivgrp(2) returns an array of structures giving privileged group assignments on a per-group-ID basis (see getprivgrp(2)). setprivgrp() associates a kernel capability with a group ID. This allows subletting of superuser-like privileges to members of a particular group or groups. The constants and structures needed for these system calls are defined in <sys/privgrp.h>.
Privileges are as follows:
- PRIV_RTPRIO
Allows access to the rtprio() system call (see rtprio(2)).
- PRIV_MLOCK
Allows access to the plock() system call (see plock(2)).
- PRIV_CHOWN
Allows access to the chown() system calls (see chown(2)).
- PRIV_LOCKRDONLY
Permits the use of the lockf() system call for setting locks on files open for reading only (see lockf(2)).
- PRIV_SETRUGID
Permits the use of the setuid() and setgid() system calls for changing, respectively, the real user ID and real group ID of a process (see setuid(2)).
- PRIV_MPCTL
Permits the use of the mpctl() system call for changing processor binding, locality domain binding or launch policy of a process (see mpctl(2)).
- PRIV_RTSCHED
Allows access to the sched_setparam() and sched_setscheduler() system calls to set POSIX.4 realtime priorities (see rtsched(2)).
- PRIV_SERIALIZE
Permits the use of serialize() for forcing the target process to run serially with other processes that are also marked by this system call (see serialize(2)).
- PRIV_SPUCTL
Permits certain administrative operations in the Instant Capacity (iCAP) product for deactivation and reactivation of processors. See that product's documentation for more information.
- PRIV_FSSTHREAD
Permits certain administrative operations in the Process Resource Manager (PRM) product. See that product's documentation for more information.
- PRIV_PSET
Allows change to the system pset configuration (see pset_create(2)).
Privileges are described in a multiword mask. The value of the #define for each privilege is interpreted as a bit index (counting from 1). Thus a group ID can have several different privileges associated with it by having different bits ORed into the mask.

The system is configured with a specified maximum number of groups with special privileges. PRIV_MAXGRPS defines this maximum. Of this maximum, one is reserved for global privileges (granted to all processes) and the remainder can be assigned to actual group IDs. PRIV_MASKSIZ defines the size of the multiword mask used in defining privileges associated with a group ID.

Privileges are returned to the user from the getprivgrp() system call in an array of structures of type struct privgrp_map. The structure associates a multiword mask with a group ID. The privgrp_map structure contains the fields:

    gid_t priv_groupno
    uint32_t priv_mask[PRIV_MASKSIZ]

where priv_groupno contains the group ID (see setprivgrp(2)), and priv_mask contains the privilege mask associated with priv_groupno.
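
The 1-based bit indexing and the array of group/mask structures described above, as an added example in C for auditing which groups hold a given privilege; it is not part of the original manual page or of <sys/privgrp.h>. The EX_ names, the index values, the mask size of 2 and the word/bit layout (index n stored in word (n-1)/32 at bit (n-1)%32) are assumptions made for illustration; the real definitions come from <sys/privgrp.h>.

```c
#include <stddef.h>
#include <stdint.h>
#include <sys/types.h>

#define EX_MASKSIZ 2   /* assumed stand-in for PRIV_MASKSIZ */
/* Hypothetical bit indices, counting from 1; real values are in <sys/privgrp.h>. */
enum { EX_PRIV_RTPRIO = 1, EX_PRIV_MLOCK = 2, EX_PRIV_CHOWN = 3, EX_PRIV_SETRUGID = 5, EX_PRIV_HIGH = 34 };

struct ex_privgrp_map {            /* same fields as struct privgrp_map */
    gid_t    priv_groupno;
    uint32_t priv_mask[EX_MASKSIZ];
};

/* Index 0 is invalid because indices count from 1; anything past the last word is too. */
static int ex_index_ok(unsigned idx) { return idx >= 1 && idx <= 32u * EX_MASKSIZ; }

int ex_priv_set(uint32_t mask[EX_MASKSIZ], unsigned idx)
{
    if (!ex_index_ok(idx)) return -1;
    mask[(idx - 1) / 32] |= (uint32_t)1 << ((idx - 1) % 32);  /* OR the bit in */
    return 0;
}

int ex_priv_test(const uint32_t mask[EX_MASKSIZ], unsigned idx)
{
    if (!ex_index_ok(idx)) return 0;
    return (int)((mask[(idx - 1) / 32] >> ((idx - 1) % 32)) & 1u);
}

/* Audit helper: count entries of a getprivgrp()-style array that hold privilege idx. */
size_t ex_count_holders(const struct ex_privgrp_map *map, size_t n, unsigned idx)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        hits += (size_t)ex_priv_test(map[i].priv_mask, idx);
    return hits;
}

/* Constructed sample data (group IDs 100 and 200), not output from a real system. */
size_t ex_demo(void)
{
    struct ex_privgrp_map map[2] = { { 100, {0} }, { 200, {0} } };
    ex_priv_set(map[0].priv_mask, EX_PRIV_RTPRIO);
    ex_priv_set(map[0].priv_mask, EX_PRIV_SETRUGID);
    ex_priv_set(map[1].priv_mask, EX_PRIV_SETRUGID);
    ex_priv_set(map[1].priv_mask, EX_PRIV_HIGH);   /* lands in the second mask word */
    return ex_count_holders(map, 2, EX_PRIV_SETRUGID);
}
```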
SEE ALSO
getprivgrp(1), setprivgrp(1M), chown(2), getprivgrp(2), lockf(2), mpctl(2), plock(2), pset_create(2), rtprio(2), rtsched(2), serialize(2), setgid(2), setuid(2), shmctl(2).