privilege(5) privilege(5)
NAME
privilege - include file for privilege mechanism definitions
SYNOPSIS
#include <sys/privilege.h>
DESCRIPTION
This header file is used by all privilege mechanisms. All
privileges are defined here, as well as certain operations
that are necessary to manipulate privileges.
At user level, each privilege attached to a file or process is
defined as a 32-bit quantity called a privilege descriptor.
The most significant eight bits contain a mask value for the
known privilege sets: fixed, inheritable, maximum and working.
The remaining twenty-four bits contain a value for the actual
privilege.
In the kernel, privileges are maintained as bit vectors in the
credentials structure, with the state of the corresponding bit
denoting whether a particular privilege is set or clear. Each
privilege set in the credentials structure has its own bit
vector.
Several macros exist to manipulate privilege descriptors and
convert between the user level descriptors and the kernel
level bit vectors. In the examples below, p denotes a
privilege descriptor, v denotes a privilege bit vector, and a
and b denote credential structures.
pm_allon            Returns a value equivalent to a privilege vector
                    with all bits turned on. Used for pm_setbits.
pm_pos(p)           Given a privilege descriptor p, return the
                    privilege part only.
pm_type(p)          Given a privilege descriptor p, return the type
                    of privilege set only.
pm_pridc(p)         Given a privilege descriptor p, return the type
                    of privilege set as an ASCII character (F for
                    fixed, I for inheritable, M for maximum, and W
                    for working).
Copyright 1994 Novell, Inc. Page 1
pm_privbit(p)       Given a privilege descriptor p containing only
                    the privilege number, return a bit vector with
                    the bit for this privilege turned on.
pm_pridt(p)         Given an ASCII character stored in p, return a
                    privilege descriptor containing the type of
                    privilege set corresponding to that character.
                    Valid values are F for fixed privilege set, I
                    for inheritable set, M for maximum set, and W
                    for working set.
pm_invalid(p)       Check the supplied privilege descriptor p,
                    returning 0 if valid, and 1 if not.
pm_setbits(p,v)     Given a privilege descriptor p and a bit vector
                    v, turn on the bit in the bit vector
                    corresponding to the privilege supplied in the
                    descriptor. Use pm_allon to set all bits if the
                    descriptor contains P_ALLPRIVS.
pm_privon(a,v)      Given a credential structure a and a bit vector
                    v with the bit corresponding to the privilege
                    of interest turned on, return 1 if the
                    privilege is on in the working privilege set of
                    the credentials, and 0 if not.
pm_subset(a,b)      Given two credential structures a and b,
                    determine if the maximum privilege set of the
                    second is an improper subset of the maximum
                    privilege set of the first.
pm_privileged(a)    Given a credential structure a, return 0 if the
                    maximum privilege set is empty (the process
                    does not and can not have privilege), or
                    non-zero otherwise.
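The following is an added example, not code from <sys/privilege.h> or from the original page: a self-contained C model of the descriptor layout and the descriptor-to-bit-vector conversion described above, showing why a descriptor is validated before its privilege number is used as a shift count. All ex_/EX_ names, the ASCII encoding of the set field, and the 32-bit vector width are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed values for this example; the real ones are in <sys/privilege.h>. */
#define EX_TYPE_MASK 0xFF000000u /* most significant 8 bits: privilege set */
#define EX_POS_MASK  0x00FFFFFFu /* remaining 24 bits: the privilege */
#define EX_NPRIVS    32u         /* assumed width of one bit vector */

enum ex_set { EX_FIXED, EX_INHERITABLE, EX_MAXIMUM, EX_WORKING, EX_NSETS };
static const char ex_set_chars[EX_NSETS] = { 'F', 'I', 'M', 'W' };

/* Stand-in for the credentials structure: one bit vector per set. */
struct ex_cred { uint32_t sets[EX_NSETS]; };

/* Build a descriptor. Assumption: the set field stores the ASCII letter. */
static uint32_t ex_make(char set_char, uint32_t priv) {
    return ((uint32_t)(unsigned char)set_char << 24) | (priv & EX_POS_MASK);
}

/* Map the set field to an index, or -1 if it names no known set. */
static int ex_set_index(uint32_t p) {
    char c = (char)((p & EX_TYPE_MASK) >> 24);
    for (int i = 0; i < EX_NSETS; i++)
        if (ex_set_chars[i] == c) return i;
    return -1;
}

/* Validate p, then turn on its bit in the vector of the set it names.
 * Returns 0 on success, -1 if the descriptor is rejected. */
static int ex_apply(struct ex_cred *cr, uint32_t p) {
    int set = ex_set_index(p);
    uint32_t pos = p & EX_POS_MASK;
    if (set < 0 || pos >= EX_NPRIVS) return -1; /* reject before shifting */
    cr->sets[set] |= (uint32_t)1 << pos;
    return 0;
}

/* 1 if privilege number priv is on in the working set, else 0. */
static int ex_working_on(const struct ex_cred *cr, uint32_t priv) {
    return priv < EX_NPRIVS && ((cr->sets[EX_WORKING] >> priv) & 1u);
}

int main(void) {
    struct ex_cred cr = {{0}};
    int ok  = ex_apply(&cr, ex_make('W', 3));  /* constructed input */
    int bad = ex_apply(&cr, ex_make('M', 40)); /* out of range: rejected */
    printf("%d %d %d\n", ok, bad, ex_working_on(&cr, 3));
    return 0;
}
```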
REFERENCES
filepriv(2), priv(4), procpriv(2)