Manualshelf

Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Auditing System Extensions
131132133134135136137138139140
7.7 Troubleshooting Fine-Grained Privileges
If something is not working on the system and you suspect the problem is occurring
because of fine-grained privileges, you can check the fine-grained privileges configuration
as follows.
Problem 1: Even though fine-grained privileges are assigned to a binary file, processes
that use exec() to access the binary are not receiving the assigned fine-grained
privileges. Solution: Check for one of the following situations.
Is the file in question a script?
Any fine-grained privileges assigned to shell scripts are ignored.
Has the file changed since the fine-grained privileges were assigned?
When a file is modified, its fine-grained privilege attributes are lost. Run the following
command either before or after you modify the file:
# setfilexsec -d filename
Next, add the privilege attributes you want assigned to the file.
See setfilexsec(1M) for more information about troubleshooting fine-grained privileges.
Problem 2: A process has privileges it should not have, or does not have privileges it
should have. Solution: Use the getprocxsec command to determine what privileges
a process has:
# getprocxsec -per pid
This command displays the permitted, effective, and retained privilege sets for the process.
For more information, see getprocxsec(1M)
If the process does not have the correct privileges, configure the binary file that created
this process with the correct privileges. See “Configuring Applications with Fine-Grained
Privilegesfor more information.
140 Fine-Grained Privileges