setprivgrp(1M) setprivgrp(1M)
NAME [Toc] [Back]
setprivgrp - set special privileges for groups
SYNOPSIS [Toc] [Back]
setprivgrp groupname [privileges]
setprivgrp -g [privileges]
setprivgrp -n [privileges]
setprivgrp -f file
DESCRIPTION [Toc] [Back]
The setprivgrp command associates a group with a list of privileges,
thus providing access to certain system capabilities for members of a
particular group or groups. The privileges can be displayed with the
getprivgrp command (see getprivgrp(1)).
Privileges can be granted to individual groups, as defined in the
/etc/group file, and globally for all groups.
Only a superuser can use the setprivgrp command.
Options and Arguments [Toc] [Back]
setprivgrp recognizes the following options and arguments:
privileges One or more of the keywords described below in
"Privileged Capabilities".
groupname The name of a group defined in the file named
/etc/group. The current privileges for groupname,
if any, are replaced by the specified privileges.
To retain prior privileges, they must be
respecified.
-g Specify global privileges that apply to all
groups. The current privileges, if any, are
replaced by the specified privileges, To retain
prior privileges, they must be respecified.
-n If no privileges are specified, delete all
privileges for all groups, including global
privileges.
If one or more privileges are specified, delete
the specified privileges from the current
privilege lists of all groups, including the
global privilege list, but do not delete
unspecified privileges.
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: August 2003
setprivgrp(1M) setprivgrp(1M)
-f file Set the privileges according to entries in the
file file. This file is usually /etc/privgroup.
The entry formats are described below in "Group
Privileges File Format".
Privileged Capabilities [Toc] [Back]
The following system capabilities can be granted to groups:
CHOWN Can use chown() to change file ownerships (see
chown(2)).
LOCKRDONLY Can use lockf() to set locks on files that are
open for reading only (see lockf(2)).
MLOCK Can use plock() to lock process text and data into
memory, and the shmctl() SHM_LOCK function to lock
shared memory segments (see plock(2) and
shmctl(2)).
RTPRIO Can use rtprio() to set real-time priorities (see
rtprio(2)).
RTSCHED Can use sched_setparam() and sched_setscheduler()
to set POSIX.4 real-time priorities (see
rtsched(2)).
SERIALIZE Can use serialize() to force the target process to
run serially with other processes that are also
marked by this system call (see serialize(2)).
SETRUGID Can use setuid() and setgid() to change,
respectively, the real user ID and real group ID
of a process (see setui
).
FSSTHREAD Allows certain administrative operations in the
Process Resource Manager (PRM) product. See that
product's documentation for more information.
SPUCTL Allows certain administrative operations in the
Instant Capacity On Demand (iCOD) product. See
that product's documentation for more information.
PSET Can change system pset configuration (see
pset_create(2)).
MPCTL Can use mpctl() to change processor binding,
locality domain binding or launch policy of a
process (see mpctl(2)).
Group Privileges File Format [Toc] [Back]
The file specified with the -f option should contain one or more lines
Hewlett-Packard Company - 2 - HP-UX 11i Version 2: August 2003
setprivgrp(1M) setprivgrp(1M)
in the following formats:
groupname [privileges]
-g [privileges]
-n [privileges]
They are described above in "Options and Arguments".
RETURN VALUE [Toc] [Back]
setprivgrp exits with one of the following values:
0 Successful completion.
>0 Failure.
AUTHOR [Toc] [Back]
setprivgrp was developed by HP.
FILES [Toc] [Back]
/etc/group
/etc/privgroup
SEE ALSO [Toc] [Back]
getprivgrp(1), chown(2), getprivgrp(2), lockf(2), plock(2), rtprio(2),
rtsched(2), serialize(2), setgid(2), setuid(2), shmctl(2), mpctl(2),
pset_create(2), privgrp(4).
Hewlett-Packard Company - 3 - HP-UX 11i Version 2: August 2003 [ Back ] |