NAME
setprivgrp — set special privileges for groups
SYNOPSIS
setprivgrp groupname [privileges]
setprivgrp -g [privileges]
setprivgrp -n [privileges]
setprivgrp -f file
DESCRIPTION
The setprivgrp command associates a group with a list of privileges, thus providing access to certain system capabilities for members of a particular group or groups. The privileges can be displayed with the getprivgrp command (see getprivgrp(1)).
Privileges can be granted to individual groups, as defined in the /etc/group file, and globally for all groups.
Only a superuser can use the setprivgrp command.
Options and Arguments
setprivgrp recognizes the following options and arguments:
- privileges
One or more of the keywords described below in Privileged Capabilities.
- groupname
The name of a group defined in the file named /etc/group. The current privileges for groupname, if any, are replaced by the specified privileges. To retain prior privileges, they must be respecified.
- -g
Specify global privileges that apply to all groups. The current privileges, if any, are replaced by the specified privileges. To retain prior privileges, they must be respecified.
- -n
If no privileges are specified, delete all privileges for all groups, including global privileges. If one or more privileges are specified, delete the specified privileges from the current privilege lists of all groups, including the global privilege list, but do not delete unspecified privileges.
- -f file
Set the privileges according to entries in the file file. This file is usually /etc/privgroup. The entry formats are described below in Group Privileges File Format.
Privileged Capabilities
The following system capabilities can be granted to groups:
- CHOWN
Can use chown() to change file ownerships (see chown(2)).
- LOCKRDONLY
Can use lockf() to set locks on files that are open for reading only (see lockf(2)).
- MLOCK
Can use plock() to lock process text and data into memory, and the shmctl() SHM_LOCK function to lock shared memory segments (see plock(2) and shmctl(2)).
- RTPRIO
Can use rtprio() to set real-time priorities (see rtprio(2)).
- RTSCHED
Can use sched_setparam() and sched_setscheduler() to set POSIX.4 real-time priorities (see rtsched(2)).
- SERIALIZE
Can use serialize() to force the target process to run serially with other processes that are also marked by this system call (see serialize(2)).
- SETRUGID
Can use setuid() and setgid() to change, respectively, the real user ID and real group ID of a process (see setuid(2) and setgid(2)).
- FSSTHREAD
Allows certain administrative operations in the Process Resource Manager (PRM) product. See that product's documentation for more information.
- SPUCTL
Allows certain administrative operations in the Instant Capacity (iCAP) product. See that product's documentation for more information.
- PSET
Can change system pset configuration (see pset_create(2)).
- MPCTL
Can use mpctl() to change processor binding, locality domain binding or launch policy of a process (see mpctl(2)).
Group Privileges File Format
The file specified with the -f option should contain one or more lines in the following formats:
They are described above in "Options and Arguments".
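The replace and delete semantics from Options and Arguments, applied to a privgroup-style file, as an added example (not HP's code and not part of the original page). It assumes file entries take the same three forms as the command-line arguments (groupname, -g, -n) and are applied top to bottom; SENSITIVE is the example's own review policy, and the sample file is constructed.

```python
# Added example: model what a privgroup-style file grants, for review.
# Assumptions: entries are applied top to bottom; SENSITIVE is a local policy.
KNOWN = {"CHOWN", "LOCKRDONLY", "MLOCK", "RTPRIO", "RTSCHED", "SERIALIZE",
         "SETRUGID", "FSSTHREAD", "SPUCTL", "PSET", "MPCTL"}
SENSITIVE = {"CHOWN", "SETRUGID"}  # assumption: keywords this review flags

# Constructed sample input, not taken from a real system.
SAMPLE = """\
-g CHOWN
dba MLOCK RTSCHED
dba RTPRIO
ops SETRUGID CHOWN
-n CHOWN
"""

def apply_entries(text):
    """Return ({target: privileges}, warnings); target is a group or '-g'."""
    state, warnings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue
        target, privs = fields[0], set(fields[1:])
        unknown = privs - KNOWN
        if unknown:
            warnings.append(f"line {lineno}: unknown keyword(s) {sorted(unknown)}")
            privs -= unknown
        if target == "-n":
            if not privs:            # bare -n: delete everything, global too
                state.clear()
            for held in state.values():
                held -= privs        # -n with keywords: remove only those
        else:                        # groupname or -g: replace, never merge
            lost = state.get(target, set()) - privs
            if lost:
                warnings.append(f"line {lineno}: {target} loses {sorted(lost)}")
            state[target] = privs
    return {t: p for t, p in state.items() if p}, warnings

def sensitive_grants(state):
    """List (target, privilege) pairs that the review policy flags."""
    return sorted((t, p) for t, held in state.items() for p in held & SENSITIVE)

if __name__ == "__main__":
    final, notes = apply_entries(SAMPLE)
    print(final, notes, sensitive_grants(final), sep="\n")
```

In the sample, the second dba line replaces the first, so dba ends with RTPRIO only, and the closing -n CHOWN strips CHOWN from both the global list and ops.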
RETURN VALUE
setprivgrp exits with one of the following values:
- 0
Successful completion.
- >0
Failure.
AUTHOR
setprivgrp was developed by HP.
SEE ALSO
getprivgrp(1), chown(2), getprivgrp(2), lockf(2), plock(2), rtprio(2), rtsched(2), serialize(2), setgid(2), setuid(2), shmctl(2), mpctl(2), pset_create(2), privgrp(4).