Open System Services System Calls Reference Manual (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

731

732

733

734

735

736

737

738

739

740

System Functions (s and S) setﬁlepriv(2)

NAME

setﬁlepriv - Sets one or more ﬁle privileges for an executable ﬁle

LIBRARY

H-series and J-series native Guardian Procesess: implicit libraries

H-series and J-series OSS processes: implicit libraries

SYNOPSIS

#include <sys/privileges.h>

int setﬁlepriv(

const char *path,

const unsigned char *ﬁleprivs

);

PARAMETERS

path Points to the OSS pathname of the executable ﬁle.

fileprivs Points to the bit pattern that determines the privileges for the ﬁle.

DESCRIPTION

The setﬁlepriv() function sets the ﬁle privileges of the OSS regular ﬁle or Guardian disk ﬁle

speciﬁed in the path parameter according to the bit pattern speciﬁed by the ﬁleprivs parameter.

File privileges are not supported for ﬁle types other than OSS regular ﬁles or Guardian disk ﬁles.

File privileges are ignored for ﬁles that are not executable ﬁles, DLLs, or user libraries. For

example, ﬁle privileges are ignored for shell scripts and TACL scirpts.

The ﬁleprivs parameter is constructed by logically ORing one or more of these symbols, which

are deﬁned in the sys/privileges.h header ﬁle:

PRIVNONE Resets the ﬁle privileges so that ﬁle has no special privileges.

PRIVSETID If the super ID (255,255 in the Guardian environment, 65535 in the OSS environ-

ment) runs an executable ﬁle that has this ﬁle privilege, the resultant process is

permitted to perform a privileged switch (such as by using the setuid() function)

to another user ID, group ID, or both to access ﬁles in a restricted-access ﬁleset.

PRIVSOARFOPEN

If a locally-authenticated member of the Safeguard

SECURITY_OSS_ADMINISTRATOR (SOA) group runs an executable ﬁle that

has this ﬁle privilege, the resultant process is permitted to perform additional

system calls needed to back up and restore ﬁles in a restricted-access ﬁleset.

These system calls include open(), open64(), creat(), creat64(), link( ),

remove_oss( ), unlink(), rmdir(), and utime( ),

NOTES

This function is supported on systems running J06.11 or later J-series RVUs or H06.22 or later

H-series RVUs only

Only Members of Safeguard SECURITY-PRV-ADMINISTRATOR (SEC-PRIV-ADMIN or

SPA) group are permitted to explicitly set or reset ﬁle privileges. Therefore only members can set

the PRIVSOARFOPEN ﬁle privilege on the Backup and Restore product to enable members of

the Safeguard SECURITY_OSS_ADMINISTRATOR (SOA) group to back up and to restore ﬁles

that are in restricted-access ﬁlesets. See the initﬁlepriv command.

File privileges are also removed from a ﬁle if the ﬁle is modiﬁed. Any changes to the ﬁle

privileges on a ﬁle is audited. File privileges are inherited by child processes created using the

fork() function.

527186-023 Hewlett-Packard Company 7−57