getprivgrp(2)getprivgrp(2)NAMEgetprivgrp(), setprivgrp() - get and set special attributes for group
SYNOPSISDESCRIPTIONgetprivgrp()
The system call returns a table of the privileged group assignments
into a user-supplied structure. grplist points to an array of struc‐
tures of type associating a group ID with a privilege mask. Privilege
masks are formed by ORing together elements from the access types spec‐
ified in The array may have gaps in it, distinguished as having a field
value of The group number gives the global privilege mask. Only infor‐
mation about groups which are in the user's group access list, or about
the user's real or effective group ID, is returned to an ordinary user.
The complete set is returned to a user with the privilege.
setprivgrp()
The system call associates a kernel capability with a group ID. This
allows subletting of superuser-like privileges to members of a particu‐
lar group or groups. takes two arguments: grpid, the integer group ID,
and mask, a mask of permissions. The mask is created by treating the
access types defined in as bit numbers (using 1 for the least signifi‐
cant bit). Thus, privilege number 5 would be represented by the bits
or 16. More generally, privilege p is represented by:
where is given 8 bits per byte. As it is possible to have more than
word-size distinct privileges, mask is a pointer to an integer array of
size
privileges include those specified in the file A process can access the
system call protected by a specific privileged group if it belongs to
or has an effective group ID of a group having access to the system
call. All processes are considered to belong to the pseudo-group
Specifying a grpid of causes privileges to be revoked on all privileged
groups that have any of the privileges specified in mask. Specifying a
grpid of causes privileges to be granted to all processes.
The constant in defines the system limit on the number of groups that
can be assigned privileges. One of these is always the psuedo-group
allowing for actual groups.
Only processes with the privilege can use
Security Restrictions
Some or all of the actions associated with this system call require the
privilege. Processes owned by the superuser have this privilege. Pro‐
cesses owned by other users may have this privilege, depending on sys‐
tem configuration. See privileges(5) for more information about privi‐
leged access on systems that support fine-grained privileges.
RETURN VALUE
and return the following values:
Successful completion.
Failure.
is set to indicate the error.
ERRORS
If fails, is set to one of the following values.
grplist points to an illegal address. The reliable
detection of this error is implementation depen‐
dent.
If fails, is set to one of the following values.
The request would require assigning privileges to more than
groups.
mask points to an illegal address. The reliable
detection of this error is implementation depen‐
dent.
mask has bits set for one or more unknown privileges.
grpid is out of range.
The caller is not a privileged user.
EXAMPLES
The following example prints out and the group IDs of the privilege
groups to which the user belongs:
AUTHOR
and were developed by HP.
SEE ALSOgetprivgrp(1), setprivgrp(1M), setgroups(2), privgrp(4), privileges(5).
getprivgrp(2)