Administering privilege

Recalculating process privileges

When created, a process inherits the maximum and working privilege sets of its parent. Whenever a process executes a file using the exec(2) system call, the privilege policy rules require the process's privilege sets to be recalculated.

This mechanism works by using

When a user executes a command, the privilege mechanism does the following:

Because UID 0 is a special case, provisions must be made if the effective UID of a process changes. If the effective UID of a process changes during execution, then the following occurs:

This behavior preserves the omnipotence of a process with effective UID 0.

Additionally, fixed privileges on a file are passed to a new process. This behavior provides a way for non-UID 0 processes to execute commands with privilege. The union of the maximum privileges of the calling process and the fixed privileges of the executable is propagated to a new process regardless of UID.



© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004