Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
getppriv(2)			 System	Calls			   getppriv(2)

       getppriv, setppriv - get	or set a privilege set

       #include	<priv.h>

       int getppriv(priv_ptype_t which,	priv_set_t *set);

       int setppriv(priv_op_t op, priv_ptype_t which, priv_set_t *set);

       The  getppriv() function	returns	the process privilege set specified by
       which in	the set	pointed	to by set. The memory  for  set	 is  allocated
       with  priv_allocset() and freed with priv_freeset(). Both functions are
       documented on the priv_addset(3C) manual	page.

       The setppriv() function sets or changes the process privilege set.  The
       op argument specifies the operation and can be one of PRIV_OFF, PRIV_ON
       or PRIV_SET. The	which argument specifies the  name  of	the  privilege
       set. The	set argument specifies the set.

       If  op  is PRIV_OFF, the	privileges in set are removed from the process
       privilege set specified by which. There are no restrictions on removing
       privileges from process privileges sets,	but the	following apply:

	 o  Privileges	removed	 from PRIV_PERMITTED are silently removed from

	 o  If privileges are removed from PRIV_LIMIT, they  are  not  removed
	    from  the  other  sets until one of	exec(2)	functions has success-
	    fully completed.

       If op is	PRIV_ON, the privileges	in set are added to the	process	privi-
       lege set	specified by which.  The following operations are permitted:

	 o  Privileges	in PRIV_PERMITTED can be added to PRIV_EFFECTIVE with-
	    out	restriction.

	 o  Privileges in PRIV_PERMITTED  can  be  added  to  PRIV_INHERITABLE
	    without restriction.

	 o  All	 operations  that  attempt  to add privileges that are already
	    present are	permitted.

       If op is	PRIV_SET, the privileges in set	replace	completely the process
       privilege  set  specified by which. PRIV_SET is implemented in terms of
       PRIV_OFF	and PRIV_ON. The same restrictions apply.

       Upon successful completion, 0 is	returned. Otherwise, -1	  is  returned
       and errno is set	to indicate the	error.

       The getppriv() and setppriv() functions will fail if:

       EINVAL	       The value of op or which	is out of range.

       EFAULT	       The set argument	points to an illegal address.

       The setppriv() function will fail if:

       EPERM	       The   application   attempted   to  add	privileges  to
		       PRIV_LIMIT or PRIV_PERMITTED, or	 the  application  at-
		       tempted	 to  add  privileges  to  PRIV_INHERITABLE  or
		       PRIV_EFFECTIVE which were not in	PRIV_PERMITTED.

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       |Interface Stability	     |Evolving			   |
       |MT-Level		     |MT-Safe			   |

       priv_addset(3C),	attributes(5), privileges(5)

SunOS 5.10			  10 Sep 2004			   getppriv(2)


Want to link to this manual page? Use this URL:

home | help