Administering privilege

A file-based privilege mechanism

With the exception of processes with a UID of 0, the privileges inherited by an existing process when commencing execution of a file are derived from the current privileges and the fixed privileges set on the file being executed. This type of privilege mechanism is called a file-based privilege mechanism.

The most important advantage of this privilege mechanism over the UID-based privilege mechanism is the ability to apportion system privileges to executing processes with fine granularity. The inheritance mechanism provides the ability to control the assertion of privilege throughout the execution of a process, and the granularity of the available discrete privileges allows you greater flexibility in configuring security-sensitive commands that must be executed by ordinary users.

While the privilege mechanism provides the means by which a system can apportion and control process privileges, the privilege policy provides the rules by which the system grants privileges to processes.



© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004