setppriv Subroutine

Purpose

Sets the privilege sets associated with a process.

Library

Standard C Library (libc.a)

Syntax

#include <sys/types.h>
#include <sys/priv.h>

int setppriv(pid, effective, maximum, inheritable,limiting)
pid_t pid;
privg_t * effective, maximum, inheritable, limiting;

Description

The setppriv subroutine sets the effective (EPS), maximum (MPS), inheritable (IPS) and limiting (LPS) privilege sets for the process as specified by the pid parameter. If the value of the pid parameter is negative, the privileges of the calling process are modified. The PV_PROC_PRIV privilege is needed in the effective set when a process wants to change the maximum or inheritable privilege set of any process or the effective privilege sets of another process. The calling process does not require a privilege to reduce its own maximum or inheritable privilege set or to modify its own effective privilege set. The limiting privilege acts as a ceiling for the maximum and inheritable privilege. The maximum privilege acts as a ceiling for the effective privilege. The effective privilege is the current privilege of the process per the pid parameter.

If the effective, maximum, inheritable or limiting privilege set has a value of null, the corresponding privilege set of the process remains unchanged. At least one of the effective, maximum, inheritable and limiting privilege sets must not have a value of null.

When the privilege of the process identified by the pid parameter is modified, the privilege sets of the process have the following proper relationship: the new effective privilege set of the process must be a subset of the new maximum privilege set of the process. Otherwise, the call fails.

Parameters

Item Description
pid Indicates that the process for which the privilege set change is requested.
effective Sets the effective privilege set, which is used to override system restrictions.
maximum Sets the maximum privilege set over which a process has control.
inheritable Sets the inheritable privilege set, which is passed to the EPS and MPS of a child process.
limiting Sets the limiting privilege set, which is the maximum possible privilege set that the process can have.

Return Values

Item Description
0 The subroutine ran successfully.
-1 An error occurred. The errno global variable is set to indicate the error.

Error Codes

The setppriv subroutine fails if any of the following are true:
Item Description
EFAULT The effective, maximum, inheritable or limiting privilege set is an illegal address.
EINVAL The value of the effective, maximum, inheritable, and limiting privilege set passed are all null.
EPERM The calling process does not have the PV_PROC_PRIV or MAC write privilege (in Trusted AIX®) to modify a process privilege set.
ESRCH No process has an ID equal to the value specified by the pid parameter.