Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX Reference > S

setprivgrp(1M)

HP-UX 11i Version 3: February 2007
» 

Technical documentation

» Feedback
Content starts here

 » Table of Contents

 » Index

NAME

setprivgrp — set special privileges for groups

SYNOPSIS

setprivgrp groupname [privileges]

setprivgrp -g [privileges]

setprivgrp -n [privileges]

setprivgrp -f file

DESCRIPTION

The setprivgrp command associates a group with a list of privileges, thus providing access to certain system capabilities for members of a particular group or groups. The privileges can be displayed with the getprivgrp command (see getprivgrp(1)).

Privileges can be granted to individual groups, as defined in the /etc/group file, and globally for all groups.

Only a superuser can use the setprivgrp command.

Options and Arguments

setprivgrp recognizes the following options and arguments:

privileges

One or more of the keywords described below in Privileged Capabilities.

groupname

The name of a group defined in the file named /etc/group. The current privileges for groupname, if any, are replaced by the specified privileges. To retain prior privileges, they must be respecified.

-g

Specify global privileges that apply to all groups. The current privileges, if any, are replaced by the specified privileges, To retain prior privileges, they must be respecified.

-n

If no privileges are specified, delete all privileges for all groups, including global privileges.

If one or more privileges are specified, delete the specified privileges from the current privilege lists of all groups, including the global privilege list, but do not delete unspecified privileges.

-f file

Set the privileges according to entries in the file file. This file is usually /etc/privgroup. The entry formats are described below in Group Privileges File Format.

Privileged Capabilities

The following system capabilities can be granted to groups:

CHOWN

Can use chown() to change file ownerships (see chown(2)).

LOCKRDONLY

Can use lockf() to set locks on files that are open for reading only (see lockf(2)).

MLOCK

Can use plock() to lock process text and data into memory, and the shmctl() SHM_LOCK function to lock shared memory segments (see plock(2) and shmctl(2)).

RTPRIO

Can use rtprio() to set real-time priorities (see rtprio(2)).

RTSCHED

Can use sched_setparam() and sched_setscheduler() to set POSIX.4 real-time priorities (see rtsched(2)).

SERIALIZE

Can use serialize() to force the target process to run serially with other processes that are also marked by this system call (see serialize(2)).

SETRUGID

Can use setuid() and setgid() to change, respectively, the real user ID and real group ID of a process (see setuid(2) and setgid(2)).

FSSTHREAD

Allows certain administrative operations in the Process Resource Manager (PRM) product. See that product's documentation for more information.

SPUCTL

Allows certain administrative operations in the Instant Capacity (iCAP) product. See that product's documentation for more information.

PSET

Can change system pset configuration (see pset_create(2)).

MPCTL

Can use mpctl() to change processor binding, locality domain binding or launch policy of a process (see mpctl(2)).

Group Privileges File Format

The file specified with the -f option should contain one or more lines in the following formats:

  • groupname [privileges]

  • -g [privileges]

  • -n [privileges]

They are described above in "Options and Arguments".

RETURN VALUE

setprivgrp exits with one of the following values:

0

Successful completion.

>0

Failure.

AUTHOR

setprivgrp was developed by HP.

FILES

/etc/group

/etc/privgroup

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1983-2007 Hewlett-Packard Development Company, L.P.