privilege(5)
privilege --
include file for privilege mechanism definitions
Synopsis
#include <sys/privilege.h>
Description
This header file is used by all privilege
mechanisms.
All privileges are defined here, as
well as certain operations that are necessary
to manipulate privileges.
At user level, each privilege attached to a file or process is
defined as a 32 bit quantity called a privilege descriptor.
The most significant eight bits contain a mask value for the known
privilege sets: fixed, inheritable, maximum and working.
The remaining twenty-four bits contains a value for the
actual privilege.
In the kernel, privileges are maintained as bit vectors in the
credentials structure, with the state of the corresponding bit
denoting whether a particular privilege is set or clear.
Each privilege
set in the credentials structure has its own bit vector.
Several macros exist to manipulate privilege descriptors and
convert between the user level descriptors and the kernel level
bit vectors.
In the examples below, p denotes a privilege
descriptor, v denotes a privilege bit vector, and a and
b denotes a credential structure.
- pm_allon
-
Returns a value equivalent to a privilege vector with all bits
turned on.
Used for pm_setbits
- pm_pos(p)
-
Given a privilege descriptor p, return the privilege part only.
- pm_type(p)
-
Given a privilege descriptor p, return the type of privilege set
only.
- pm_pridc(p)
-
Given a privilege descriptor p, return the type of privilege set as
an ASCII character (F for fixed, I for inheritable, M for maximum,
and W for working).
- pm_privbit(p)
-
Given a privilege descriptor p containing only the privilege number, return a bit vector with the bit for
this privilege turned on.
- pm_pridt(p)
-
Given an ASCII character stored in p, return a privilege
descriptor containing the type of privilege set corresponding to
that character.
Valid values are F for fixed privilege set, I for
inheritable set, M for maximum set, and W for working set.
- pm_invalid(p)
-
Check the supplied privilege descriptor, p returning 0 if valid, and
1 if not.
- pm_setbits(p,v)
-
Given a privilege descriptor p and a bit vector v, turn on the bit in
the bit vector corresponding to the privilege supplied in the
descriptor.
Use pm_allon to set all bits if the descriptor contains
P_ALLPRIVS.
- pm_privon(a,v)
-
Given a credential structure a and a bit vector v with the bit
corresponding to the privilege of interest turned on, return 1 if
the privilege is on in the working privilege set of the
credentials, and 0 if not.
- pm_subset(a,b)
-
Given two credential structures a and b, determine if the maximum
privilege set of the second is an improper subset of the maximum
privilege set of the first.
- pm_privileged(a)
-
Given a credential structure a, return 0 if the maximum privilege
set is empty (the process does not and can not have privilege), or
non-zero otherwise.
References
filepriv(2),
priv(4),
procpriv(2)
30 January 1998
© 1998 The Santa Cruz Operation, Inc. All rights reserved.