privilege(5)


privilege -- include file for privilege mechanism definitions

Synopsis

   #include <sys/privilege.h>

Description

This header file is used by all privilege mechanisms. All privileges are defined here, as well as certain operations that are necessary to manipulate privileges.

At user level, each privilege attached to a file or process is defined as a 32-bit quantity called a privilege descriptor. The most significant eight bits contain a mask value for the known privilege sets: fixed, inheritable, maximum and working. The remaining twenty-four bits contain a value for the actual privilege.

In the kernel, privileges are maintained as bit vectors in the credentials structure, with the state of the corresponding bit denoting whether a particular privilege is set or clear. Each privilege set in the credentials structure has its own bit vector.

Several macros exist to manipulate privilege descriptors and convert between the user level descriptors and the kernel level bit vectors. In the examples below, p denotes a privilege descriptor, v denotes a privilege bit vector, and a and b denote credential structures.


pm_allon
Returns a value equivalent to a privilege vector with all bits turned on. Used for pm_setbits.

pm_pos(p)
Given a privilege descriptor p, return the privilege part only.

pm_type(p)
Given a privilege descriptor p, return the type of privilege set only.

pm_pridc(p)
Given a privilege descriptor p, return the type of privilege set as an ASCII character (F for fixed, I for inheritable, M for maximum, and W for working).

pm_privbit(p)
Given a privilege descriptor p containing only the privilege number, return a bit vector with the bit for this privilege turned on.

pm_pridt(p)
Given an ASCII character stored in p, return a privilege descriptor containing the type of privilege set corresponding to that character. Valid values are F for fixed privilege set, I for inheritable set, M for maximum set, and W for working set.

pm_invalid(p)
Check the supplied privilege descriptor p, returning 0 if valid, and 1 if not.

pm_setbits(p,v)
Given a privilege descriptor p and a bit vector v, turn on the bit in the bit vector corresponding to the privilege supplied in the descriptor. Use pm_allon to set all bits if the descriptor contains P_ALLPRIVS.

pm_privon(a,v)
Given a credential structure a and a bit vector v with the bit corresponding to the privilege of interest turned on, return 1 if the privilege is on in the working privilege set of the credentials, and 0 if not.

pm_subset(a,b)
Given two credential structures a and b, determine if the maximum privilege set of the second is an improper subset of the maximum privilege set of the first.

pm_privileged(a)
Given a credential structure a, return 0 if the maximum privilege set is empty (the process does not and cannot have privilege), or non-zero otherwise.
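
The following stand-alone model of the descriptor layout and macro semantics described above is an added illustration, not code from <sys/privilege.h>. The x_ names, the encoding of the set type as its ASCII letter in the top byte, the all-ones value standing in for P_ALLPRIVS, and the 32-bit vector width are assumptions. It shows why a descriptor must be validated before it is turned into a bit.

```c
#include <stdint.h>
#include <stdio.h>

/* Model of the layout described above. Every name and constant value here is
 * an assumption made for illustration, not taken from <sys/privilege.h>. */
#define X_POS_MASK  0x00ffffffu      /* low 24 bits: the privilege value */
#define X_ALLPRIVS  X_POS_MASK       /* assumed stand-in for P_ALLPRIVS */
#define X_NPRIVS    32u              /* assumed width of one bit vector */
#define X_SET(c)    ((uint32_t)(unsigned char)(c) << 24) /* 'F','I','M','W' */

typedef struct { uint32_t fixed, inher, max, wkg; } x_cred_t; /* one vector per set */

static uint32_t x_pos(uint32_t p)  { return p & X_POS_MASK; }  /* like pm_pos */
static char     x_type(uint32_t p) { return (char)(p >> 24); } /* like pm_pridc */

/* Select the vector for the set named in p; NULL means an unknown set. */
static uint32_t *x_vector(x_cred_t *c, uint32_t p) {
    switch (x_type(p)) {
    case 'F': return &c->fixed;
    case 'I': return &c->inher;
    case 'M': return &c->max;
    case 'W': return &c->wkg;
    default:  return NULL;
    }
}

/* Validate p, then set its bit (pm_invalid + pm_setbits): 0 ok, 1 invalid. */
static int x_apply(x_cred_t *c, uint32_t p) {
    uint32_t *v = x_vector(c, p);
    if (v == NULL) return 1;
    if (x_pos(p) == X_ALLPRIVS) { *v = ~0u; return 0; } /* the pm_allon case */
    if (x_pos(p) >= X_NPRIVS) return 1; /* shifting this far is undefined in C */
    *v |= 1u << x_pos(p);
    return 0;
}

/* Like pm_privon and pm_privileged: test the working set and the maximum set. */
static int x_privon(const x_cred_t *c, uint32_t bit) { return (c->wkg & bit) != 0; }
static int x_privileged(const x_cred_t *c) { return c->max != 0; }

int main(void) {
    x_cred_t c = {0, 0, 0, 0};
    uint32_t descs[] = { X_SET('M') | 3, X_SET('W') | 3, X_SET('M') | 7,
                         X_SET('Q') | 1, X_SET('W') | 40 }; /* constructed input */
    for (size_t i = 0; i < sizeof descs / sizeof descs[0]; i++)
        printf("0x%08x -> %s\n", (unsigned)descs[i], x_apply(&c, descs[i]) ? "invalid" : "ok");
    printf("max=0x%08x wkg=0x%08x\n", (unsigned)c.max, (unsigned)c.wkg);
    return 0;
}
```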

References

filepriv(2), priv(4), procpriv(2)
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004