Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Auditing System Extensions

131

132

133

134

135

136

137

138

139

140

Table 7-3 Available Privileges (continued)

DescriptionPrivilege

Allows a process to set resource and priority limits beyond the

maximum limit values.

PRIV_LIMIT

Allows a process to use the lockf() system call to lock files opened

with read-only permission.

PRIV_LOCKRDONLY

Allows a process to create character or block special files using the

mknod() system call.

PRIV_MKNOD

Allows a process to access the plock system call.PRIV_MLOCK

Allows a process to mount and unmount a file system using the

mount() and umount() system calls.

NOTE: If the HP-UX ContainmentPlus product (version B.11.31.02

or later) is installed on the system, the PRIV_MOUNT privilege is

divided into PRIV_FSMOUNT and PRIV_SWAPCTL. See

“Compatibility Information for Divided Privileges” (page 135).

PRIV_MOUNT

Allows a process to change processor binding, locality domain

binding, or launch policy.

PRIV_MPCTL

Allows a process to perform network administrative operations

including configuring the network routing tables and querying

interface information.

PRIV_NETADMIN

Allows a process to bind to a privileged port. By default, port

numbers 0-1023 are privileged ports.

PRIV_NETPRIVPORT

Allows a process to configure an interface to listen in promiscuous

mode.

PRIV_NETPROMISCUOUS

Allows a process to access the raw internet network protocols.PRIV_NETRAWACCESS

Allows a process to set the suid or sgid bits on any file if the

process has the OWNER privilege. It also allows a process to change

the ownership of a file without clearing the suid or sgid bits,

provided that the process is allowed to change the ownership of

the file.

PRIV_OBJSUID

Allows a process to override all restrictions with respect to UID

matching the owner of the file or resource.

PRIV_OWNER

Allows a process to change the system pset configuration.PRIV_PSET

Allows the process to do administrative operations that are

streams-based or pseudo terminal specific.

This privilege is valid only when the HP-UX ContainmentPlus product

(version B.11.31.02 or later) is installed on the system.

PRIV_PTYOPS

134 Fine-Grained Privileges