Administrator's Guide
Table 7-1 Fine-Grained Privileges Commands
DescriptionCommands
Sets security attributes of binary files. The attributes include retained
privileges, permitted privileges, compartment, and the privilege start
flag.
setfilexsec
Displays security attributes associated with binary executable files. The
attributes include retained privileges, permitted privileges, compartment,
and security attribute flags.
getfilexsec
Displays security attributes associated with a running processes. The
attributes include the effective privilege set, retained privilege set,
permitted privilege set, euid, and the compartment name.
getprocxsec
7.2.2 Manpages
Table 7-2 briefly describes the fine-grained privileges manpages.
Table 7-2 Fine-Grained Privileges Manpages
DescriptionManpage
Overview of HP-UX privileges.privileges(5)
Describes fine-grained privileges interfaces.privileges(3)
Describes setfilexsec functionality and syntax.setfilexsec(1M)
Describes getfilexsec functionality and syntax.getfilexsec(1M)
Describes getprocxsec funtionality and syntax.getprocxsec(1M)
7.3 Available Privileges
Fine-grained privileges are primarily targeted for developers. However, an administrator
may still need to understand the privileges to understand how such applications work
and to find if any unauthorized applications have gained privileges.
Table 7-3 lists the privileges and their primary purposes.
Table 7-3 Available Privileges
DescriptionPrivilege
Allows a process to control the process accounting system.PRIV_ACCOUNTING
Allows a process to start, modify, and stop the auditing system.PRIV_AUDCONTROL
Grants a process the ability to change its compartment.PRIV_CHANGECMPT
Allows a process to grant privileges to binaries.PRIV_CHANGEFILEXSEC
Allows a process to access the chown() system calls.PRIV_CHOWN
132 Fine-Grained Privileges