capabilities(4)						       capabilities(4)

NAME

     capabilities - Capability Mechanism

SYNOPSIS

     #include <sys/capability.h>

DESCRIPTION

     The capability mechanism provides fine grained control over the
     privileges	of a process.  As a process attribute, a capability allows the
     process to	perform	a specific set of restricted operations, without
     granting general override of the system's protection scheme.  A process
     can possess multiple capabilities.	 Collectively, all defined
     capabilities comprise the set of abilities	that are traditionally
     associated	with the root user.

     Defined capabilities are:

	  Privilege to use accounting setup system calls, acct(2).

	  Privilege to manage the system audit trail (sat_read(2) and
	  sat_write(2) system calls).

	  Privilege to write to	the system audit trail,	sat_write(2) system

	  Privilege to change the owner	of a file not owned by the process
	  when the system is configured	with _POSIX_CHOWN_RESTRICTED enabled.

	  Privilege to use the chroot(2) system	call.

	  Privilege to execute a file when the permissions or Access Control
	  List prohibit	it.

	  Privilege to read a file or search a directory when the permissions
	  or Access Control List prohibit it.

	  Privilege to write a file or update a	directory when the permissions
	  or Access Control List prohibit it.

	  Privilege to issue restricted	device management calls	and ioctl

	  Privilege to operate on a file as if the process owns	it (e.g.,
	  change permissions, ownership, access	times, etc.).

	  Privilege to set the setuid or setgid	bits of	a file without being
	  the owner.  Also, the	privilege to change the	owner of a setuid or
	  setgid file.

	  Not supported, silently ignored.

	  Not supported, silently ignored.

	  Not supported, silently ignored.

	  Not supported, silently ignored.

	  Not supported, silently ignored.

	  Privilege to send a signal to	a process that is not owned by the
	  sender.  Also, privilege to use process synchronization calls
	  (procblk) to a process.

	  Not supported.

	  Privilege to change the MAC label of an object to a value that is
	  dominated by the previous label.  (Only on systems with MAC

	  Allows a process to change its own MAC label to a moldy label. A
	  process with a moldy label can view the hidden directory structure
	  of a multilevel directory. (Only on systems with MAC enabled.)

	  Privilege to read information	whose MAC label	dominates that of the
	  reader.  (Only on systems with MAC enabled.)

	  Privilege to change the MAC label of an open file.  (Only on systems
	  with MAC enabled.)

	  Allows a process to change its own MAC label.	 (Only on systems with
	  MAC enabled.)

	  Privilege to change the MAC label of an object to a value that
	  dominates the	previous label.	 (Only on systems with MAC enabled.)

	  Privilege to write information whose MAC label does not equal	that
	  of the writer.  (Only	on systems with	MAC enabled.)

	  Privilege to issue restricted	memory management calls, primarily
	  memory locking.

	  Alias	for CAP_DEVICE_MGT.

	  Privilege to use the mountocket on	a privileged TCP port.

	  Privilege to issue restricted	process	management calls.

	  Privilege to issue restricted	quota management calls.

	  Privilege to issue restricted	scheduler calls, such as the real time
	  scheduler interfaces.

	  Privilege to change the capability sets of a file.

	  Allows a process to change its real GID, effective GID, saved	GID,
	  and process group ID.

	  Allows a process to change its capability sets.

	  Allows a process to change its real, effective and saved UIDs.

	  Privilege to shut down or reboot the system. This capability alone
	  may be insufficient to perform the /etc/shutdown operation.

	  Not supported, silently ignored.

	  Privilege to use restricted STREAMS calls and	operations.

	  Privilege to use the swap(2) system call.

	  Privilege to set system information (e.g., hostname values, NVRAM
	  values, etc.).

	  Not supported, silently ignored.

	  Privilege to set the system time.

	  Identifies a trusted client to the X server (i.e. trusted path).

     A process has three, possibly empty, sets of capabilities.	 The permitted
     capability	set is the maximum set of capabilities for the process.	 The
     effective capability set contains those capabilities that are currently
     active for	the process.  The inherited capability set contains those
     capabilities that the process may pass to the next	process	image across

     Only capabilities in a process' effective capability set allow the
     process to	perform	restricted operations.	A process may use capability
     management	functions to add or remove capabilities	from its effective
     capability	set.  However the capabilities that a process can make
     effective are limited to those that exist in its permitted	capability

     Only capabilities in the process' inherited capability set	can be passed
     across exec(2).

     Capabilities are also associated with files.  There may or	may not	be a
     capability	set associated with a specific file. If	a file has no
     capability	set, execution of this file through an exec(2) will leave the
     process' capability set unchanged.	If a file has a	capability set,
     execution of file will affect the process'	capability set in the
     following way: a file's inherited capability set further constrains the
     process inherited capabilities that are passed from one process image to
     another. The file's permitted capability set contains the capabilities
     that are unconditionally permitted	to a process upon execution of that
     file.  The	file's effective capabilities are the capabilities that	become
     immediately active	for the	process	upon execution of the file.

     More precisely described, the process capability assignment algorithm is:

	      I-proc-new = I-proc-old &	I-file
	      P-proc-new = P-file | (I-proc-new	& P-proc-old)
	      E-proc-new = P-proc-new &	E-file
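The assignment algorithm above, worked through in C as an added example (this is not IRIX code). It re-declares the three-member struct cap_set locally so it builds on any platform, models a file with no capability set as a NULL file pointer, and adds a hypothetical cap_gained() helper that reports which permitted capabilities an exec conferred that the process did not already hold. The bit values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Local stand-in for struct cap_set from <sys/capability.h> (assumed to have the
 * same three 64-bit members as on the man page) so the example builds anywhere. */
typedef uint64_t cap_value_t;
struct cap_set {
    cap_value_t cap_effective;
    cap_value_t cap_permitted;
    cap_value_t cap_inheritable;
};

/* The exec(2) assignment algorithm from the man page:
 *     I-proc-new = I-proc-old & I-file
 *     P-proc-new = P-file | (I-proc-new & P-proc-old)
 *     E-proc-new = P-proc-new & E-file
 * A file with no capability set is modelled as file == NULL and leaves the
 * process sets unchanged, as the man page states. */
struct cap_set cap_exec_transition(const struct cap_set *proc, const struct cap_set *file)
{
    struct cap_set n = *proc;
    if (file == NULL)
        return n;
    n.cap_inheritable = proc->cap_inheritable & file->cap_inheritable;
    n.cap_permitted   = file->cap_permitted | (n.cap_inheritable & proc->cap_permitted);
    n.cap_effective   = n.cap_permitted & file->cap_effective;
    return n;
}

/* Hypothetical audit helper: permitted capabilities the new image holds that the
 * old one did not. By the algorithm these can only come from the file's P set,
 * since (I-new & P-old) is always a subset of P-old. */
cap_value_t cap_gained(const struct cap_set *before, const struct cap_set *after)
{
    return after->cap_permitted & ~before->cap_permitted;
}

static void print_set(const char *label, const struct cap_set *s)
{
    printf("%-10s E=%#llx P=%#llx I=%#llx\n", label,
           (unsigned long long)s->cap_effective,
           (unsigned long long)s->cap_permitted,
           (unsigned long long)s->cap_inheritable);
}

int main(void)
{
    /* Constructed bit values: bits 0..3 stand for four arbitrary capabilities. */
    struct cap_set proc = { 0x1, 0x7, 0x3 };   /* E, P, I of the running process */
    struct cap_set file = { 0xA, 0x8, 0x6 };   /* E, P, I stored on the XFS file */
    struct cap_set after = cap_exec_transition(&proc, &file);

    print_set("process", &proc);
    print_set("file", &file);
    print_set("after exec", &after);            /* E=0xa P=0xa I=0x2 */
    printf("gained via file P set: %#llx\n",
           (unsigned long long)cap_gained(&proc, &after));
    return 0;
}
```

Two things the worked values make visible: bit 0 was effective before the exec but is dropped because the file's E set does not select it, and bit 3 appears in the new permitted set purely because the file's P set carries it. For an audit, the files whose P set is non-empty are therefore the ones that can confer privilege a process did not already hold.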

     File capabilities are supported only on XFS file systems.

     At	the interface to the library routines, the capability sets are
     represented in a struct cap_set which is defined in <sys/capability.h>.

	      typedef __uint64_t cap_value_t;

	      struct cap_set {
		   cap_value_t	   cap_effective;  /* use in capability	checks */
		   cap_value_t	   cap_permitted;  /* combined with file attrs */
		   cap_value_t	   cap_inheritable;/* pass through exec	*/
	      };
	      typedef struct cap_set cap_set_t;
	      typedef struct cap_set * cap_t;

     Macros in <sys/capability.h> may be used to query,	set or examine the
     capability	sets.


     The routines cap_from_text(3c) and	cap_to_text(3c)	do the conversion
     between the internal structures and the external text form	of
     capabilities.  The	output of cap_to_text may be used in cap_from_text to
     recreate the original capability sets.

     The text representation of	capability sets	is a string, which consists of
     one or more capability lists.  Each capability list has the form:
     where capname is a	defined	capability name	(described above).  The	name
     ALL indicates all capabilities.

     F is a sequence of	one or more flags chosen from "e", "i",	"p" indicating
     which capability sets are to be affected.	"e" indicates the effective
     capability	set, "p" indicates the permitted capability set, and "i"
     indicates the inherited capability	set.

     O is the operation	chosen from "=", "+", "-", indicating to initialize,
     add, or delete the	specified capabilities in the affected capability

     The capability lists are interpreted sequentially.

     All characters from the symbol "#"	to the end of the line are interpreted
     as	comments and are ignored.
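A simplified parser for the text form, added here as an example; it is not the IRIX cap_from_text(3c) implementation. It assumes each capability list is written as the names (comma-separated, or ALL) followed directly by the operation character O and then the flag letters F, for instance CAP_DEVICE_MGT+ep, with lists separated by whitespace and applied in order; "=" is taken to set each flagged set to exactly the named capabilities. The name table is constructed: only CAP_DEVICE_MGT is from the page, while CAP_EXAMPLE_ONE and CAP_EXAMPLE_TWO are placeholder names, not real IRIX capabilities.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint64_t cap_value_t;
struct cap_set {
    cap_value_t cap_effective;
    cap_value_t cap_permitted;
    cap_value_t cap_inheritable;
};
/* Parse result: ok == 0 means a syntax error or an unknown capability name. */
struct cap_parse { struct cap_set set; int ok; };

/* Constructed name table: CAP_DEVICE_MGT is from the man page; the other two
 * are placeholder names for this demo and do not exist on IRIX. */
static const struct { const char *name; cap_value_t bit; } cap_names[] = {
    { "CAP_DEVICE_MGT",  1ull << 0 },
    { "CAP_EXAMPLE_ONE", 1ull << 1 },
    { "CAP_EXAMPLE_TWO", 1ull << 2 },
};
#define NCAPS (sizeof cap_names / sizeof cap_names[0])
#define CAP_ALL_MASK ((1ull << NCAPS) - 1)   /* the name ALL means every capability */

/* Resolve "name[,name...]" (or ALL) to a bitmask; -1 on an unknown name. */
static int names_to_mask(const char *s, size_t n, cap_value_t *mask)
{
    *mask = 0;
    if (n == 3 && memcmp(s, "ALL", 3) == 0) { *mask = CAP_ALL_MASK; return 0; }
    while (n > 0) {
        const char *comma = memchr(s, ',', n);
        size_t len = comma ? (size_t)(comma - s) : n;
        size_t i;
        for (i = 0; i < NCAPS; i++)
            if (strlen(cap_names[i].name) == len && memcmp(cap_names[i].name, s, len) == 0)
                break;
        if (i == NCAPS) return -1;
        *mask |= cap_names[i].bit;
        if (!comma) break;
        s = comma + 1;
        n -= len + 1;
    }
    return 0;
}

struct cap_parse cap_from_text_demo(const char *text)
{
    struct cap_parse r = { { 0, 0, 0 }, 0 };
    const char *p = text;

    for (;;) {
        /* Skip whitespace; '#' starts a comment that runs to end of line. */
        while (*p) {
            if (*p == '#') { while (*p && *p != '\n') p++; }
            else if (isspace((unsigned char)*p)) p++;
            else break;
        }
        if (!*p) { r.ok = 1; return r; }

        /* One capability list: names, then the operator O, then the flags F. */
        const char *tok = p;
        while (*p && !isspace((unsigned char)*p) && *p != '#') p++;
        size_t len = (size_t)(p - tok), op;
        for (op = 0; op < len; op++)
            if (tok[op] == '=' || tok[op] == '+' || tok[op] == '-') break;
        if (op == 0 || op + 1 >= len) return r;   /* missing names, operator or flags */

        cap_value_t mask;
        if (names_to_mask(tok, op, &mask) != 0) return r;

        for (size_t f = op + 1; f < len; f++) {
            cap_value_t *set;
            switch (tok[f]) {
            case 'e': set = &r.set.cap_effective;   break;
            case 'p': set = &r.set.cap_permitted;   break;
            case 'i': set = &r.set.cap_inheritable; break;
            default:  return r;                      /* unknown flag letter */
            }
            switch (tok[op]) {
            case '=': *set = mask;   break;   /* initialize: exactly these capabilities */
            case '+': *set |= mask;  break;   /* add */
            default:  *set &= ~mask; break;   /* '-': delete */
            }
        }
    }
}

int main(void)
{
    /* Constructed input: grant everything, then drop one from E and one from P and I. */
    struct cap_parse r =
        cap_from_text_demo("ALL=eip CAP_EXAMPLE_ONE-e  # drop one\nCAP_DEVICE_MGT-pi");
    printf("ok=%d E=%#llx P=%#llx I=%#llx\n", r.ok,
           (unsigned long long)r.set.cap_effective,
           (unsigned long long)r.set.cap_permitted,
           (unsigned long long)r.set.cap_inheritable);   /* ok=1 E=0x5 P=0x6 I=0x6 */
    return 0;
}
```

Because the lists are applied sequentially, the order matters: "ALL=eip" followed by "CAP_DEVICE_MGT-pi" removes that capability, whereas the reverse order would grant it back. A parser that rejects unknown names and flag letters outright, rather than ignoring them, avoids silently producing a broader set than the administrator wrote.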

SEE ALSO

     chcap(1), cap_get_proc(3C), cap_set_proc(3C), cap_from_text(3C),
     cap_to_text(3C), capability(4), dominance(5).

Copyright © 2004-2005 DeniX Solutions SRL