Administrator's Guide

7.4.1 Privilege Model
Each process has three privilege sets associated with it:
Permitted Privilege Set
The maximum set of privileges a process can raise. The process can drop any
privilege from this set, but cannot add any privileges to this set. Privileges from this
set can be added to the effective privilege set of the process.
Effective Privilege Set
The set of currently active privileges for a process. A privilege-aware process can
modify the effective privilege set to keep only the necessary privileges in this set at any
given time. The process can remove any privilege from the effective privilege set,
but can only add privileges that are in the permitted privilege set.
The effective privilege set is always a subset of the permitted privilege set.
Retained Privilege Set
The set of privileges retained when a process calls the execve system call. The
process can remove any privilege from this set, but cannot add privileges to this set.
The retained privilege set is always a subset of the permitted privilege set.
The first process, init, starts with a small set of privileges. It then creates other processes
that execute other binaries using exec family calls (execv, execve, and so on). During
this exec call, the extended attributes of the binary (the attributes set with the setfilexsec
command) may cause these processes to gain privileges that their parent process does not
have, or lose privileges that the parent process had. For instance, if a binary has a
permitted minimum of DACREAD (setfilexsec -p DACREAD has been performed on
the binary), the new process will have the DACREAD privilege whether or not the parent
process had that privilege. On the other hand, if a process already has the DACREAD
privilege, but the binary it executes does not have this privilege in its permitted maximum (for
example, setfilexsec -P none . has been performed on the file already), the process
would lose the privilege as a side effect of executing the binary.
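The following is an added model of the three privilege sets and of the exec-time effect of the permitted-minimum and permitted-maximum file attributes described above; it is constructed for illustration and is not HP-UX code or its kernel algorithm. The exact rule for computing the new image's sets in `execve` (retained joined with permitted min, capped by permitted max, with effective and retained starting equal to permitted) is an assumption that goes beyond what the text states.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

Privs = FrozenSet[str]
NONE: Privs = frozenset()  # models "none" as used with setfilexsec -P


@dataclass(frozen=True)
class Process:
    permitted: Privs
    effective: Privs
    retained: Privs

    def __post_init__(self) -> None:
        # Invariants from the text: effective and retained are subsets of permitted.
        if not (self.effective <= self.permitted and self.retained <= self.permitted):
            raise ValueError("effective and retained must be subsets of permitted")

    def drop_permitted(self, priv: str) -> "Process":
        # A privilege dropped from permitted can no longer be effective or retained.
        return Process(self.permitted - {priv}, self.effective - {priv}, self.retained - {priv})

    def raise_effective(self, priv: str) -> "Process":
        # Effective may only be raised with privileges already in the permitted set.
        if priv not in self.permitted:
            raise PermissionError(f"{priv} is not in the permitted set")
        return Process(self.permitted, self.effective | {priv}, self.retained)

    def drop_retained(self, priv: str) -> "Process":
        # Retained can only shrink; it is what survives an execve call.
        return Process(self.permitted, self.effective, self.retained - {priv})


@dataclass(frozen=True)
class FileXsec:
    # Binary attributes set with setfilexsec: -p permitted min, -P permitted max
    # (permitted_max=None models a binary with no -P cap recorded).
    permitted_min: Privs = frozenset()
    permitted_max: Optional[Privs] = None


def can_raise(proc: Process, priv: str) -> bool:
    return priv in proc.permitted


def execve(proc: Process, xsec: FileXsec) -> Process:
    # Assumption: new permitted = (parent retained | permitted min) & permitted max;
    # the new image starts with effective and retained equal to that permitted set.
    new_perm = proc.retained | xsec.permitted_min
    if xsec.permitted_max is not None:
        new_perm &= xsec.permitted_max
    return Process(new_perm, new_perm, new_perm)
```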
7.4.2 Compound Privileges
Compound privileges are a shorthand way of specifying a predefined set of simple
privileges.
138 Fine-Grained Privileges