NAME
privgrp — HP-UX group privileges
DESCRIPTION
HP-UX allows subletting of limited superuser-like privileges to all users or
to members of a particular group or groups.
This capability is deprecated and only existing applications should use it.
The newer fine-grained privilege facilities described in
privileges(5)
should be used by new applications.
The
<sys/privgrp.h>
header defines the following symbolic privilege names:
PRIV_CHOWN,
PRIV_FSSTHREAD,
PRIV_LOCKRDONLY,
PRIV_MLOCK,
PRIV_MPCTL,
PRIV_PSET,
PRIV_RTPRIO,
PRIV_RTSCHED,
PRIV_SERIALIZE,
PRIV_SETRUGID,
and
PRIV_SPUCTL.
All but one of the group privileges are supported as fine-grained privileges
and described in
privileges(5).
The one group privilege not supported as a fine-grained privilege is:
- PRIV_SETRUGID
Permits the use of the
setuid()
and
setgid()
system calls for changing respectively the real user ID
and real group ID of a process (see
setuid(2)).
This behavior of
setuid()
is deprecated and only legacy applications should use it.
Newer applications should use
setresuid(geteuid(), -1, -1)
and
setresgid(getegid(), -1, -1),
respectively, to achieve the same effect. (No special privileges required.)
The
<sys/privgrp.h>
header defines two additional symbolic constants:
- PRIV_MAXGRPS
defines the maximum number of groups with special privileges.
Of this maximum, one is reserved for global privileges
(granted to all processes)
and the remainder can be assigned to actual group IDs.
- PRIV_MASKSIZ
defines the size of the multi-word mask used
in defining privileges associated with a group ID.
The
setprivgrp
and
getprivgrp
commands and the
setprivgrp()
and
getprivgrp()
system calls may be used to define and query the privilege group associations.
The group privileges are automatically initialized from the contents of
/etc/privgroup
(see
privgrp(4))
at boot time.
WARNINGS
This mechanism is deprecated and only legacy applications should use it.
See
privileges(5)
for a description of fine-grained privileges.
SEE ALSO
getprivgrp(1),
setprivgrp(1M),
chown(2),
getprivgrp(2),
lockf(2),
mpctl(2),
plock(2),
pset_create(2),
rtprio(2),
rtsched(2),
serialize(2),
setgid(2),
setuid(2),
shmctl(2),
privgrp(4),
privileges(5).