Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

getprivgrp(2) [hpux man page]

getprivgrp(2)							System Calls Manual						     getprivgrp(2)

NAME

       getprivgrp(), setprivgrp() - get and set special attributes for group

SYNOPSIS

DESCRIPTION

   getprivgrp()
       The  system  call returns a table of the privileged group assignments into a user-supplied structure.  grplist points to an array of struc-
       tures of type associating a group ID with a privilege mask.  Privilege masks are formed by ORing together elements from	the  access  types
       specified  in  The  array  may  have gaps in it, distinguished as having a field value of The group number gives the global privilege mask.
       Only information about groups which are in the user's group access list, or about the user's real or effective group ID, is returned to	an
       ordinary user.  The complete set is returned to a user with the privilege.

   setprivgrp()
       The  system  call associates a kernel capability with a group ID.  This allows subletting of superuser-like privileges to members of a par-
       ticular group or groups.  takes two arguments: grpid, the integer group ID, and mask, a mask of permissions.  The mask is created by treat-
       ing  the  access types defined in as bit numbers (using 1 for the least significant bit).  Thus, privilege number 5 would be represented by
       the bits or 16.	More generally, privilege p is represented by:

       where is given 8 bits per byte.	As it is possible to have more than word-size distinct privileges, mask is a pointer to an  integer  array
       of size

       privileges  include those specified in the file A process can access the system call protected by a specific privileged group if it belongs
       to or has an effective group ID of a group having access to the system call.  All processes are considered to belong to the pseudo-group

       Specifying a grpid of causes privileges to be revoked on all privileged groups that have any of the privileges specified in mask.  Specify-
       ing a grpid of causes privileges to be granted to all processes.

       The  constant in defines the system limit on the number of groups that can be assigned privileges.  One of these is always the psuedo-group
       allowing for actual groups.

       Only processes with the privilege can use

   Security Restrictions
       Some or all of the actions associated with this system call require the privilege.  Processes owned by the superuser have  this	privilege.
       Processes  owned  by  other users may have this privilege, depending on system configuration.  See privileges(5) for more information about
       privileged access on systems that support fine-grained privileges.

RETURN VALUE

       and return the following values:

	      Successful completion.
	      Failure.
		     is set to indicate the error.

ERRORS

       If fails, is set to one of the following values.

	      grplist	     points to an illegal address.  The reliable detection of this error is implementation dependent.

       If fails, is set to one of the following values.

	      The request would require assigning privileges to more than
			     groups.

	      mask	     points to an illegal address.  The reliable detection of this error is implementation dependent.

	      mask	     has bits set for one or more unknown privileges.

	      grpid	     is out of range.

	      The caller is not a privileged user.

EXAMPLES

       The following example prints out and the group IDs of the privilege groups to which the user belongs:

AUTHOR

       and were developed by HP.

SEE ALSO

       getprivgrp(1), setprivgrp(1M), setgroups(2), privgrp(4), privileges(5).

																     getprivgrp(2)

Check Out this Related Man Page

setuid(2)							System Calls Manual							 setuid(2)

NAME

       setuid(), setgid() - set user and group IDs

SYNOPSIS

DESCRIPTION

       sets  the  real-user-ID	(ruid), effective-user-ID (euid), and/or saved-user-ID (suid) of the calling process.  If the Security Containment
       product is installed, these interfaces treat a process observing as a privileged process.  Otherwise, only processes with an euid  of  zero
       are treated as privileged processes.  See privileges(5) for more information on Security Containment and fine-grained privileges.

       The following conditions govern setuid's behavior:

	      o  If the process is privileged, sets the ruid, euid, and suid to uid.

	      o  If  the  process is not privileged and the argument uid is equal to the ruid or the suid, sets the euid to uid; the ruid and suid
		 remain unchanged.  (If a set-user-ID program is not running as superuser, it can change its euid to  match  its  ruid	and  reset
		 itself to the previous euid value.)

	      o  If the process is not privileged, the argument uid is equal to the euid, and the calling process has the privilege, sets the ruid
		 to uid; the euid and suid remain unchanged.

       sets the real-group-ID (rgid), effective-group-ID (egid), and/or saved-group-ID (sgid) of the calling process.	The  following	conditions
       govern behavior:

	      o  If the process is privileged, sets the rgid and egid to gid.

	      o  If  the  process is not privileged and the argument gid is equal to the rgid or the sgid, sets the egid to gid; the rgid and sgid
		 remain unchanged.

	      o  If the process is not privileged, the argument gid is equal to the egid, and the calling process has the privilege, sets the rgid
		 to gid; the egid and sgid remain unchanged.

   Security Restrictions
       Some  or  all of the actions associated with this system call require the privilege.  Processes owned by the superuser have this privilege.
       Processes owned by other users may have this privilege, depending on system configuration.

       See privileges(5) for more information about privileged access on systems that support fine-grained privileges.

RETURN VALUE

       Upon successful completion, and return 0; otherwise, they return -1 and set to indicate the error.

ERRORS

       and fail and return -1 if any of the following conditions are encountered:

	      None of the conditions above are met.

	      uid	     (gid) is not a valid user (group) ID.

WARNINGS

       It is recommended that the capability be avoided, as it is provided for backward compatibility.	This feature may be  modified  or  dropped
       from future HP-UX releases.  When changing the real user ID and real group ID, use of and (see setresuid(2)) is recommended instead.

AUTHOR

       was developed by AT&T, the University of California, Berkeley, and HP.

       was developed by AT&T.

SEE ALSO

       exec(2), getuid(2), setresuid(2), privileges(5).

STANDARDS CONFORMANCE

																	 setuid(2)
Man Page