Security Management Guide (G06.24+, H06.03+)

OSS System Security
Security Management Guide 522283-008
The effective user ID, effective group ID, and group list are used to determine if file
access is allowed. Other security attributes are also used to determine if an OSS
process can kill another OSS process. A process can successfully send a kill() signal
to another process under the following conditions:
- The sending process has the effective user ID of the super ID user.
- The sending process has an effective user ID equal to the real user ID of the target
  process.
- The sending process has an effective user ID equal to the saved-set-user-ID of the
  target process.
- The sending process has a real user ID equal to the real user ID of the target
  process.
- The sending process has a real user ID equal to the saved-set-user-ID of the
  target process.
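
The following C model is an added example, not code from this guide. It applies the five kill() rules above to a process that was started from a set-user-ID program and then switched its effective user ID back to its real user ID. The user ID values, the SUPER_UID constant, and the helper names are assumptions made for illustration, and run_setuid_file() assumes standard POSIX set-user-ID semantics.

```c
#include <stdio.h>

/* Assumed value for the super ID's OSS user ID; it is not stated on this page. */
#define SUPER_UID 65535u

/* The three user IDs that the rules above refer to. */
struct ids {
    unsigned ruid;  /* real user ID */
    unsigned euid;  /* effective user ID */
    unsigned suid;  /* saved-set-user-ID */
};

/* Returns which rule (1-5, in the order listed above) lets sender signal
 * target, or 0 if no rule applies and kill() would be refused. */
int kill_rule(struct ids sender, struct ids target)
{
    if (sender.euid == SUPER_UID)    return 1;
    if (sender.euid == target.ruid)  return 2;
    if (sender.euid == target.suid)  return 3;
    if (sender.ruid == target.ruid)  return 4;
    if (sender.ruid == target.suid)  return 5;
    return 0;
}

/* Model of running a set-user-ID program file (standard POSIX semantics,
 * assumed here): real ID is kept, effective and saved IDs become the owner's. */
struct ids run_setuid_file(struct ids caller, unsigned file_owner)
{
    struct ids p = { caller.ruid, file_owner, file_owner };
    return p;
}

int main(void)
{
    struct ids alice = { 1001, 1001, 1001 };   /* constructed sample users */
    struct ids bob   = { 1002, 1002, 1002 };
    struct ids carol = { 1003, 1003, 1003 };

    /* bob runs a set-user-ID program owned by alice, then the program
     * switches its effective ID back to bob's real ID. */
    struct ids proc = run_setuid_file(bob, alice.ruid);
    proc.euid = proc.ruid;

    printf("alice -> proc: rule %d\n", kill_rule(alice, proc)); /* saved ID is still alice's */
    printf("bob   -> proc: rule %d\n", kill_rule(bob, proc));
    printf("carol -> proc: rule %d\n", kill_rule(carol, proc));
    printf("proc  -> alice: rule %d\n", kill_rule(proc, alice)); /* sender's saved ID is never consulted */
    return 0;
}
```

The program file's owner can still signal the process after it has given up the owner's effective user ID, because the target's saved-set-user-ID is checked; the sender's saved-set-user-ID is not.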
Adopting the Owner ID of a Program File
The set-user-ID permission bit in the OSS environment serves a function similar to that
of PROGID in the Guardian environment. The owner of a program file (or the super ID)
can set a file’s set-user-ID bit by using the chmod command. When this bit is set, the

Table 4-3. OSS Process-Management Functions (continued)

OSS Function     Description
getpid()         Gets the OSS process ID
getppid()        Gets the parent OSS process ID
getpgrp()        Gets the process group ID of the calling process
getpwnam()       Gets user attribute information from the user database
getpwuid()       Gets user attribute information from the user database
getuid()         Gets the real user ID of the calling process
setgid()         Sets the group ID of the calling process
setgrent()       Resets the group name key to get group information from the group database
setpgid()        Sets the process group ID for job control
setpwent()       Resets the sequential key to the user database
setsid()         Creates a new session and sets process group ID
setuid()         Sets the user ID of the calling process
setreuid() [1]   Sets the real and effective user IDs of the calling process
setregid() [1]   Sets the real and effective group IDs of the calling process

[1] The OSS functions setreuid() and setregid() are supported only on systems running G06.27 and later G-series
RVUs and H06.05 and later H-series RVUs.