Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
getprivgrp(2)		      System Calls Manual		 getprivgrp(2)

NAME
       getprivgrp(), setprivgrp() - get	and set	special	attributes for group

SYNOPSIS
DESCRIPTION
   getprivgrp()
       The  system  call  returns  a table of the privileged group assignments
       into a user-supplied structure.	grplist	points to an array  of	struc-
       tures  of type associating a group ID with a privilege mask.  Privilege
       masks are formed	by ORing together elements from	the access types spec-
       ified in	The array may have gaps	in it, distinguished as	having a field
       value of	The group number gives the global privilege mask.  Only	infor-
       mation about groups which are in	the user's group access	list, or about
       the user's real or effective group ID, is returned to an	ordinary user.
       The complete set	is returned to a privileged user.

   setprivgrp()
       The  system  call associates a kernel capability	with a group ID.  This
       allows subletting of superuser-like privileges to members of a particu-
       lar group or groups.  takes two arguments: grpid, the integer group ID,
       and mask, a mask	of permissions.	 The mask is created by	 treating  the
       access  types defined in	as bit numbers (using 1	for the	least signifi-
       cant bit).  Thus, privilege number 5 would be represented by  the  bits
       or 16.  More generally, privilege p is represented by:

       where  is  given	 8 bits	per byte.  As it is possible to	have more than
       word-size distinct privileges, mask is a	pointer	to an integer array of
       size

       privileges include those	specified in the file A	process	can access the
       system call protected by	a specific privileged group if it  belongs  to
       or  has	an  effective  group ID	of a group having access to the	system
       call.  All processes are	considered to belong to	the pseudo-group

       Specifying a grpid of causes privileges to be revoked on	all privileged
       groups that have	any of the privileges specified	in mask.  Specifying a
       grpid of	causes privileges to be	granted	to all processes.

       The constant in defines the system limit	on the number of  groups  that
       can  be	assigned  privileges.  One of these is always the psuedo-group
       allowing	for actual groups.

       Only processes with appropriate privileges can use

RETURN VALUE
       and return the following	values:

	      Successful completion.
	      Failure.
		     is	set to indicate	the error.

ERRORS
       If fails, is set	to one of the following	values.

	      [EFAULT]	     grplist points to an illegal address.  The	 reli-
			     able  detection  of  this error is	implementation
			     dependent.
       If fails, is set	to one of the following	values.

	      [E2BIG]	     The request would require assigning privileges to
			     more than groups.

	      [EFAULT]	     mask  points to an	illegal	address.  The reliable
			     detection of this error is	implementation	depen-
			     dent.

	      [EINVAL]	     mask  has bits set	for one	or more	unknown	privi-
			     leges.

	      [EINVAL]	     grpid is out of range.

	      [EPERM]	     The caller	is not a privileged user.

EXAMPLES
       The following example prints out	and the	group  IDs  of	the  privilege
       groups to which the user	belongs:

AUTHOR
       and were	developed by HP.

SEE ALSO
       getprivgrp(1), setprivgrp(1M), setgroups(2), privgrp(4).

								 getprivgrp(2)

NAME | SYNOPSIS | DESCRIPTION | RETURN VALUE | ERRORS | EXAMPLES | AUTHOR | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=getprivgrp&sektion=2&manpath=HP-UX+11.22>

home | help