GETPRIVGRP(2) — HP-UX
Series 200, 300, 800 Only
NAME
getprivgrp, setprivgrp - get and set special attributes for group
SYNOPSIS
#include <sys/privgrp.h>
int getprivgrp(grplist)
struct privgrp_map grplist[PRIV_MAXGRPS];
int setprivgrp(grpid, mask)
int grpid, mask[PRIV_MASKSIZ];
DESCRIPTION
Setprivgrp associates a kernel capability with a group id. This allows subsetting of super-user-like privileges for members of a particular group or groups. Setprivgrp takes two arguments: the integer group id and a mask of permissions. The mask is created by treating the access types defined in <sys/privgrp.h> as bit numbers (using 1 for the least significant bit). Thus, privilege number 5 would be represented by the bit 1<<(5-1) or 16. More generally, privilege p is represented by:
mask[((p-1) / BITS_PER_INT)] & (1 << ((p-1) % BITS_PER_INT)).
Because there can be more distinct privileges than bits in a word, mask is a pointer to an integer array of size PRIV_MASKSIZ.
Setprivgrp privileges include those specified in the file <sys/privgrp.h>. A process may access the system call protected by a specific privileged group if it belongs to or has an effective group id of a group having access to the system call. All processes are considered to belong to the pseudo-group PRIV_GLOBAL.
Specifying a grpid of PRIV_NONE causes privileges to be revoked on all privileged groups having any of the privileges specified in mask. Specifying a grpid of PRIV_GLOBAL causes privileges to be granted to all processes.
The constant PRIV_MAXGRPS in <sys/privgrp.h> defines the system limit on the number of groups which can be assigned privileges. One of these is always the pseudo-group PRIV_GLOBAL, allowing for PRIV_MAXGRPS-1 actual groups.
Getprivgrp returns a table of the privileged group assignments in a user-supplied structure. Grplist points to an array of structures of type privgrp_map, each associating a group id with a privilege mask. Privilege masks are formed by OR-ing together elements from the access types specified in <sys/privgrp.h>. The array may have gaps in it; a gap is distinguished by a priv_groupno field of PRIV_NONE. The group number PRIV_GLOBAL gives the global privilege mask. Only information about groups which are in the user's group access list, or about his real or effective group id, is returned to an ordinary user. The complete set is returned to the super-user.
EXAMPLES
The following example prints out PRIV_GLOBAL and the group ids of the privilege groups to which the user belongs:
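    #include <stdio.h>
    #include <sys/privgrp.h>
    int main()
    {
        struct privgrp_map pgrplist[PRIV_MAXGRPS];
        int i;
        int pgid;
        /* Fetch the privileged group table; on failure errno is set. */
        if (getprivgrp (pgrplist) == -1) {
            perror ("getprivgrp");
            return 1;
        }
        for (i=0; i<PRIV_MAXGRPS; i++) {
            /* Unused slots are marked with PRIV_NONE; skip them. */
            if ((pgid = pgrplist[i].priv_groupno) != PRIV_NONE) {
                if (pgid == PRIV_GLOBAL)
                    printf ("(PRIV_GLOBAL) ");
                printf ("privilege group id = %d\n", pgid);
            }
        }
        return 0;
    }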
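The mask layout given in DESCRIPTION can be exercised without HP-UX headers. The following is an added example, not HP's code: it builds and tests masks with the formula above and counts which entries of a getprivgrp-style table hold a privilege, reporting separately when PRIV_GLOBAL grants it to every process. All EX_ names and values and the ex_mask field name are stand-in assumptions, and the mask words are unsigned int rather than the page's int so that setting the top bit is well defined.

```c
#include <limits.h>
#include <stdio.h>
/* Stand-ins for <sys/privgrp.h>: every EX_ name and value is an assumption. */
#define EX_BITS_PER_INT ((int)(sizeof(int) * CHAR_BIT))
#define EX_PRIV_MASKSIZ 2
#define EX_PRIV_NONE    (-1)
#define EX_PRIV_GLOBAL  (-2)
/* Privilege numbers start at 1 and must fit in the mask array. */
#define EX_VALID(p) ((p) >= 1 && (p) <= EX_PRIV_MASKSIZ * EX_BITS_PER_INT)
struct ex_privgrp_map {
    int priv_groupno;                      /* field named on the page */
    unsigned int ex_mask[EX_PRIV_MASKSIZ]; /* hypothetical field name */
};

/* Set privilege p in mask; returns 0, or -1 if p is out of range. */
int priv_set(unsigned int *mask, int p)
{
    if (!EX_VALID(p)) return -1;
    mask[(p - 1) / EX_BITS_PER_INT] |= 1u << ((p - 1) % EX_BITS_PER_INT);
    return 0;
}

/* Test privilege p with the page's formula; out-of-range p is never held. */
int priv_test(const unsigned int *mask, int p)
{
    if (!EX_VALID(p)) return 0;
    return (mask[(p - 1) / EX_BITS_PER_INT] & (1u << ((p - 1) % EX_BITS_PER_INT))) != 0;
}

/* Count entries holding p, skipping gaps; *global = 1 if PRIV_GLOBAL grants p. */
int priv_holders(const struct ex_privgrp_map *tab, int n, int p, int *global)
{
    int i, count = 0;
    *global = 0;
    for (i = 0; i < n; i++) {
        if (tab[i].priv_groupno == EX_PRIV_NONE || !priv_test(tab[i].ex_mask, p)) continue;
        if (tab[i].priv_groupno == EX_PRIV_GLOBAL) *global = 1;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed table: global entry, a gap with a stale mask, group 20. */
    struct ex_privgrp_map tab[3] = {{EX_PRIV_GLOBAL, {0, 0}}, {EX_PRIV_NONE, {16, 0}}, {20, {16, 0}}};
    int g, n = priv_holders(tab, 3, 5, &g);
    printf("privilege 5: %d holder(s), global=%d\n", n, g);
    return 0;
}
```

A result with global set to 1 is the one to review first when auditing a table, since that privilege is then held by all processes regardless of group membership.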
NOTES
Only the super-user may use setprivgrp.
ERRORS
Setprivgrp returns -1 and an error code in errno if:
[EPERM] The caller is not super user.
[EFAULT] Mask points to an illegal address. The reliable detection of this error will be implementation dependent.
[EINVAL] Mask has bits set for one or more unknown privileges.
[E2BIG] The request would require assigning privileges to more than PRIV_MAXGRPS groups.
Getprivgrp returns -1 and an error code in errno if:
[EFAULT] Grplist points to an illegal address. The reliable detection of this error will be implementation dependent.
Both calls return 0 on success.
AUTHOR
Getprivgrp was developed by HP.
SEE ALSO
getprivgrp(1), setgroups(2), setprivgrp(1M), privgrp(4).
Hewlett-Packard Company — Version B.1, May 11, 2021