getprivgrp(2)							System Calls Manual						     getprivgrp(2)

NAME

       getprivgrp(), setprivgrp() - get and set special attributes for group

SYNOPSIS

DESCRIPTION

   getprivgrp()
       The  system  call returns a table of the privileged group assignments into a user-supplied structure.  grplist points to an array of struc-
       tures of type associating a group ID with a privilege mask.  Privilege masks are formed by ORing together elements from	the  access  types
       specified  in  The  array  may  have gaps in it, distinguished as having a field value of The group number gives the global privilege mask.
       Only information about groups which are in the user's group access list, or about the user's real or effective group ID, is returned to	an
       ordinary user.  The complete set is returned to a user with the privilege.

   setprivgrp()
       The  system  call associates a kernel capability with a group ID.  This allows subletting of superuser-like privileges to members of a par-
       ticular group or groups.  takes two arguments: grpid, the integer group ID, and mask, a mask of permissions.  The mask is created by treat-
       ing  the  access types defined in as bit numbers (using 1 for the least significant bit).  Thus, privilege number 5 would be represented by
       the bits or 16.	More generally, privilege p is represented by:

       where is given 8 bits per byte.	As it is possible to have more than word-size distinct privileges, mask is a pointer to an  integer  array
       of size

       privileges  include those specified in the file A process can access the system call protected by a specific privileged group if it belongs
       to or has an effective group ID of a group having access to the system call.  All processes are considered to belong to the pseudo-group

       Specifying a grpid of causes privileges to be revoked on all privileged groups that have any of the privileges specified in mask.  Specify-
       ing a grpid of causes privileges to be granted to all processes.

       The  constant in defines the system limit on the number of groups that can be assigned privileges.  One of these is always the psuedo-group
       allowing for actual groups.

       Only processes with the privilege can use

   Security Restrictions
       Some or all of the actions associated with this system call require the privilege.  Processes owned by the superuser have  this	privilege.
       Processes  owned  by  other users may have this privilege, depending on system configuration.  See privileges(5) for more information about
       privileged access on systems that support fine-grained privileges.

RETURN VALUE

       and return the following values:

	      Successful completion.
	      Failure.
		     is set to indicate the error.

ERRORS

       If fails, is set to one of the following values.

	      grplist	     points to an illegal address.  The reliable detection of this error is implementation dependent.

       If fails, is set to one of the following values.

	      The request would require assigning privileges to more than
			     groups.

	      mask	     points to an illegal address.  The reliable detection of this error is implementation dependent.

	      mask	     has bits set for one or more unknown privileges.

	      grpid	     is out of range.

	      The caller is not a privileged user.

EXAMPLES

       The following example prints out and the group IDs of the privilege groups to which the user belongs:

AUTHOR

       and were developed by HP.

SEE ALSO

       getprivgrp(1), setprivgrp(1M), setgroups(2), privgrp(4), privileges(5).

																     getprivgrp(2)