Open System Services Shell and Utilities Reference Manual (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

691

692

693

694

695

696

697

698

699

700

User Commands (s) setﬁlepriv(1)

NAME

setﬁlepriv - Sets ﬁle privileges for one or more executable ﬁles

SYNOPSIS

setﬁlepriv {-a|-d} privilege_value [{-a|-d} privilege_value]... ﬁle ...

setﬁlepriv -f privilege_ﬁle ﬁle ...

setﬁlepriv -s priv ilege_v alue[,privilege_v alue]... ﬁle ...

FLAGS

-a Adds the speciﬁed privile ge_value to the ﬁle privileges of ﬁle.

-d Deletes the speciﬁed privilege_value from the ﬁle privileges of ﬁle.

-f Sets the privileges for the speciﬁed ﬁle using the privileges entries contained in

the ﬁle privilege_ﬁle.

-s Sets the ﬁle privileges of ﬁle to privilege_value, replacing all existing ﬁle

privileges. Multiple privilege values can be separated by commas. Spaces

between values or after commas are not permitted.

Operands

file The pathname of a ﬁle for which you want to set privileges.

See DESCRIPTION for information about the requirements for these ﬂags.

DESCRIPTION

The setﬁlepriv command sets ﬁle privileges for the speciﬁed ﬁle or ﬁles. A ﬁle speciﬁed by ﬁle

can be either a Guardian disk ﬁle or an OSS regular ﬁle, but ﬁle privileges are ignored for ﬁles

that are not executable ﬁles, ordinary DLLs, or user libraries.

The values for privilege_value are:

PRIVNONE If a ﬁle has the PRIVNONE ﬁle privilege only, the ﬁle has no special privileges.

When used with the -s ﬂag:

• If PRIVNONE is used alone, the ﬁle privileges are reset and the ﬁle has

no special privileges.

• If PRIVNONE is used with another ﬁle privilege, such as PRIVSETID,

the PRIVNONE privilege value has no effect and the ﬁle privileges are

set to the other ﬁle privilge value or values you used.

When used with a ﬂag other than the -s ﬂag, the PRIVNONE privilege value has

no effect.

PRIVSETID If the super ID (255,255 in the Guardian environment, 65535 in the OSS environ-

ment) runs an executable ﬁle that has this ﬁle privilege, the resultant process is

permitted to perform a privileged switch (such as by using the setuid() function)

to another user ID, group ID, or both to access ﬁles in a restricted-access ﬁleset.

PRIVSOARFOPEN

If a locally-authenticated member of the Safeguard

SECURITY_OSS_ADMINISTRATOR (SOA) group runs an executable ﬁle that

has this ﬁle privilege, the resultant process is permitted to perform additional

system calls needed to back up and restore ﬁles in a restricted-access ﬁleset.

These system calls include open(), open64(), creat(), creat64(), link( ),

remove_oss(), unlink( ), rmdir(), and utime(),

527188-021 Hewlett-Packard Company 8−15