priv_add.3 (2010 09)
p
priv_add(3) priv_add(3)
if (priv_set_effective(priv_list, ",") )
{
printf("priv_set failed \n");
exit(1);
}
printf("\nThe effective set of the process is %s\n",
priv_set_to_str(privset_get(PRIV_EFFECTIVE, 0), ’,’, PRIV_STR_SHORT));
}
WARNINGS
Future product updates may introduce new privileges. In order to assure forward compatibility, applica-
tions must not remove a basic privilege from their effective, potential, or retained set that they do not
recognize.
One way to accomplish this is to use set negation notation: for instance, a process can set its effective set
to "
basic,!exec,!fork,!linkany
" instead of "session". This allows the application to maintain
its functionality even when a new basic privilege is introduced.
Another way to accomplish this is to use the interface
privset_remove()
or priv_remove() to
remove only the privileges that the application understands.
DEPENDENCIES
These functions are a part of the
libsec library.
SEE ALSO
priv_set_to_str(3), priv_str_to_set(3), privileges(5).
HP-UX 11i Version 3: September 2010 − 3 − Hewlett-Packard Company 3