Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

getprocxsec(1m) [hpux man page]

getprocxsec(1M) 														   getprocxsec(1M)

NAME

       getprocxsec - display security attributes of a process

SYNOPSIS


DESCRIPTION

       The  command  displays security attributes associated with a running process.  These attributes include the permitted privilege set, effec-
       tive privilege set, retained privilege set, euid, and the compartment name.  See privileges(5) and compartments(5).

       Each process has a permitted privilege set, effective privilege set, and retained privilege set.  If the  compartmentalization  feature	is
       enabled,  it  also  has	a  compartment.   When	a process is created, the child process inherits these attributes from the parent.  When a
       process executes a binary, these attributes can be changed.  See setfilexsec(1M) and getfilexsec(1M) for information on how these  extended
       attributes can be manipulated at execution time.

       For  compatibility,  the  kernel handles processes with effective uid of zero in special ways.  If the compartmentalization feature is dis-
       abled, these processes are treated as though they have all root replacement privileges.	If, on the other  hand,  the  compartmentalization
       feature	is  enabled, these processes are treated as though they have all the root replacement privileges except those configured as disal-
       lowed privileges for the compartment.

   Options
       recognizes the following options:

	      Displays the compartment name of the process.
		   If compartments are not enabled, nothing is reported for this option.  If compartments are enabled, all  the  kernel  processes
		   would be reported as running in "RESERVED CMPT" .

	      Displays the implementation effective privilege set.

	      Displays the full form of the lists.

	      Displays the implementation permitted privilege set.

	      Display the implementation retained privilege set.

       If none of the above options are specified, the default is

   Operands
       recognizes the following operand:

	      pid  The	process ID of the process whose attributes are being displayed.  If pid is displays attributes of this process.  If pid is
		   it displays attributes of the process' parent.  If pid is not specified, it defaults to this process (equivalent to

   Security Restrictions
       The specified process must be visible to the user invoking this command or the user must have the privilege.

RETURN VALUE

       returns the following values:

	      Successful completion.
		   The attributes are displayed.

	      An error occurred.
		   An error can be caused by an invalid option or because the specified process is not visible to the user.

EXAMPLES

       Example 1: Display the privilege sets and compartment of the current process:

       Sample output:

	      effective= BASIC
	      permitted= BASIC
	      retained= BASIC
	      cmpt= init
	      euid= zero

       Example 2: Display the privilege sets and compartment of the parent process:

       Sample output:

	      effective= BASIC
	      permitted= BASIC
	      retained= BASIC
	      cmpt= init
	      euid= zero

       Example 3: Display the full privilege sets and compartment of an arbitrary process:

       Sample output:

	      effective= FORK EXEC SESSION LINKANY
	      permitted= FORK EXEC SESSION LINKANY
	      retained= FORK EXEC SESSION LINKANY
	      cmpt= web
	      euid= non-zero

SEE ALSO

       getfilexsec(1M), setfilexsec(1M), compartments(5), privileges(5).

																   getprocxsec(1M)

Check Out this Related Man Page

getpriority(2)							System Calls Manual						    getpriority(2)

NAME

       getpriority, setpriority - get or set process priority

SYNOPSIS

DESCRIPTION

       returns the priority of the indicated processes.

       sets the priority of the indicated processes to priority.

       The processes are indicated by which and who, where which can have one of the following values:

	      Get or set the priority of the specified process where
				  who is the process ID.  A who of implies the process ID of the calling process.

	      Get or set the priority of the specified process group where
				  who  is  the	process-group  ID, indicating all processes belonging to that process-group.  A who of implies the
				  process-group ID of the calling process.

	      Get or set the priority of the specified user where
				  who is the user ID, indicating all processes owned by that user.  A who of implies the user ID  of  the  calling
				  process.

       If  more  than  one  process is indicated, the value returned by is the lowest valued priority of all the indicated processes, and sets the
       priority of all indicated processes.

       priority is a value from to where lower values indicate better priorities.  The default priority for a process is 0.

       If the calling process contains more than one thread or lightweight process (i.e., the process is  multi-threaded)  these  functions  shall
       apply to all threads or lightweight processes in the calling process.  The priority specified (or retrieved) is the same for all threads or
       lightweight processes in a process.  Negative priorities require appropriate privileges.

   Security Restrictions
       These system calls are subject to compartmental restrictions which restrict their access to processes in other compartments.  This restric-
       tion covers for querying the priority of processes in other compartments, and for changing the priority of processes in other compartments.
       See compartments(5) for more information about compartmentalization on systems that support that feature.

       Compartmental restrictions can be overridden if the process has the privilege (PRIV_COMMALLOWED).  Processes owned by the superuser may not
       have this privilege.  Processes owned by any user may have this privilege, depending on system configuration.

       requires the privilege (PRIV_OWNER) to change the priority of a process whose uid does not match the caller's real or effective uid..  Pro-
       cesses owned by the superuser have this privilege.  Processes owned by other users may have this privilege, depending on system	configura-
       tion.

       requires  the  privilege (PRIV_LIMIT).  Processes owned by the superuser have this privilege.  Processes owned by other users may have this
       privilege, depending on system configuration.

RETURN VALUE

       returns the following values:

	      Successful completion.
		     n is an integer priority in the range to
	      Failure.
		     is set to indicate the error.  See WARNINGS below.

       returns the following values:

	      Successful completion.
	      Failure.
		     is set to indicate the error.

ERRORS

       If or fails, is set to one of the following values:

	      [EACCES]	     The calling process does not have access rights to change one or more of the indicated processes.	All processes  for
			     which access is allowed are still affected.

	      [EINVAL]	     which is not one of the choices listed above, or who is out of range.

	      [EPERM]	     The  calling  process attempted to change the priority of a process to a smaller priority value without having appro-
			     priate privileges.

	      [ESRCH]	     Processes indicated by which and who cannot be found.

WARNINGS

       can return both when it successfully finds a priority of and when it fails.  To determine whether a failure occurred, set to before calling
       then examine after the call returns.

AUTHOR

       and were developed by the University of California, Berkeley.

SEE ALSO

       nice(1), renice(1M), nice(2).

																    getpriority(2)
Man Page