Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

getprivgrp(2) [hpux man page]

getprivgrp(2)							System Calls Manual						     getprivgrp(2)

NAME

       getprivgrp(), setprivgrp() - get and set special attributes for group

SYNOPSIS

DESCRIPTION

   getprivgrp()
       The  system  call returns a table of the privileged group assignments into a user-supplied structure.  grplist points to an array of struc-
       tures of type associating a group ID with a privilege mask.  Privilege masks are formed by ORing together elements from	the  access  types
       specified  in  The  array  may  have gaps in it, distinguished as having a field value of The group number gives the global privilege mask.
       Only information about groups which are in the user's group access list, or about the user's real or effective group ID, is returned to	an
       ordinary user.  The complete set is returned to a user with the privilege.

   setprivgrp()
       The  system  call associates a kernel capability with a group ID.  This allows subletting of superuser-like privileges to members of a par-
       ticular group or groups.  takes two arguments: grpid, the integer group ID, and mask, a mask of permissions.  The mask is created by treat-
       ing  the  access types defined in as bit numbers (using 1 for the least significant bit).  Thus, privilege number 5 would be represented by
       the bits or 16.	More generally, privilege p is represented by:

       where is given 8 bits per byte.	As it is possible to have more than word-size distinct privileges, mask is a pointer to an  integer  array
       of size

       privileges  include those specified in the file A process can access the system call protected by a specific privileged group if it belongs
       to or has an effective group ID of a group having access to the system call.  All processes are considered to belong to the pseudo-group

       Specifying a grpid of causes privileges to be revoked on all privileged groups that have any of the privileges specified in mask.  Specify-
       ing a grpid of causes privileges to be granted to all processes.

       The  constant in defines the system limit on the number of groups that can be assigned privileges.  One of these is always the psuedo-group
       allowing for actual groups.

       Only processes with the privilege can use

   Security Restrictions
       Some or all of the actions associated with this system call require the privilege.  Processes owned by the superuser have  this	privilege.
       Processes  owned  by  other users may have this privilege, depending on system configuration.  See privileges(5) for more information about
       privileged access on systems that support fine-grained privileges.

RETURN VALUE

       and return the following values:

	      Successful completion.
	      Failure.
		     is set to indicate the error.

ERRORS

       If fails, is set to one of the following values.

	      grplist	     points to an illegal address.  The reliable detection of this error is implementation dependent.

       If fails, is set to one of the following values.

	      The request would require assigning privileges to more than
			     groups.

	      mask	     points to an illegal address.  The reliable detection of this error is implementation dependent.

	      mask	     has bits set for one or more unknown privileges.

	      grpid	     is out of range.

	      The caller is not a privileged user.

EXAMPLES

       The following example prints out and the group IDs of the privilege groups to which the user belongs:

AUTHOR

       and were developed by HP.

SEE ALSO

       getprivgrp(1), setprivgrp(1M), setgroups(2), privgrp(4), privileges(5).

																     getprivgrp(2)

Check Out this Related Man Page

setregid(2)							System Calls Manual						       setregid(2)

NAME

       setregid - sets the real and effective group IDs

SYNOPSIS


DESCRIPTION

       sets the real and effective group IDs of the calling process.

       Only  a privileged process can set the real group ID and/or the effective group ID to any valid value.  A nonprivileged process can set the
       real group ID to the saved set-group-ID from one of the exec family of functions, or the effective group ID to either the saved	set-group-
       ID or the real group ID.

       Any supplementary group IDs of the calling process remain unchanged.

       Argument rgid is the read group ID value to be set with.  If rgid is set to the real group ID is not be changed.

       Argument egid is the effective group ID value to be set with.  If egid is set to -1, the effective group ID is not changed.

       The real and effective group IDs may be set to different values in the same call.

   Security Restrictions
       Some  or  all  of  the actions associated with this system call require the privilege (CHSUBJIDENT).  Processes owned by the superuser will
       have this privilege.  Processes owned by other users may have this privilege, depending on system configuration.

       See privileges(5) for more information about privileged access on systems that support fine-grained privileges.

RETURN VALUE

       Upon successful completion is set to Otherwise, errno is set to indicate the type of error and neither group IDs are changed.

ERRORS

       is set to one of the following values if the corresponding condition is detected.

       The value of the
		      rgid or egid argument is invalid or out-of-range.

       The process does NOT have all the appropriate privileges other
		      than to change the real group ID to the saved set-group-ID, or to change the effective group ID to either the real group	ID
		      or the saved set-group-ID.

AUTHOR

       was developed by the University of California, Berkeley and HP.

SEE ALSO

       exec(2), geteuid(2), getgid(2), getuid(2), setegid(2), setgid(2), setreuid(2), setuid(2).

																       setregid(2)
Man Page