Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Auditing System Extensions

131

132

133

134

135

136

137

138

139

140

Table 7-3 Available Privileges (continued)

DescriptionPrivilege

Allows the process to do device administrative operations that are

non-pseudo terminal specific.

This privilege is valid only when the HP-UX ContainmentPlus product

(version B.11.31.02 or later) is installed on the system.

PRIV_RDEVOPS

Allows a process to perform reboot operations.PRIV_REBOOT

Allows a process to access the rtprio() system call.PRIV_RTPRIO

Allows a process to control RTE psets.PRIV_RTPSET

Allows a process to set POSIX.4 real-time priorities.PRIV_RTSCHED

Allows a process to add and modify compartment rules on the

system.

PRIV_RULESCONFIG

Allows a process to generate auditing records for itself using

audwrite() system call.

PRIV_SELFAUDIT

Allows a process to use the serialize() system call force a target

process to run serially with other processes marked for serialization.

PRIV_SERIALIZE

Allows a process to do certain administrative operations in the

Instant Capacity product.

PRIV_SPUCTL

Allows a process to manage swap space using the swapctl()

system call.

This privilege is valid only when the HP-UX ContainmentPlus product

(version B.11.31.02 or later) is installed on the system.

PRIV_SWAPCTL

Allows a process to manage system attributes, including the setting

of tunables, modifying the host name, domain name, and user

quotas.

NOTE: If the HP-UX ContainmentPlus product (version B.11.31.02

or later) is installed on the system, the PRIV_SYSATTR privilege is

divided into PRIV_CORESYSATTR and PRIV_HOSTATTR. See

“Compatibility Information for Divided Privileges” (page 135).

PRIV_SYSATTR

Allows a process to perform NFS operations like exporting a file

system, the getfh() system call, NFS file locking, revoking NFS

authentication, and creating an NFS kernel daemon thread.

PRIV_SYSNFS

Allows a process to log trial mode information to the syslog file.PRIV_TRIALMODE

7.3.1 Compatibility Information for Divided Privileges

If the HP-UX ContainmentPlus product (version B.11.31.02 or later) is installed on the

system, the PRIV_SYSATTR, PRIV_MOUNT and PRIV_DEVOPS privileges are each

divided into two privileges. The PRIV_SYSATTR privilege is divided into

7.3 Available Privileges 135