DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Administering privilege

Why have fixed privileges?

The ability to specify fixed privileges is provided

For example, various system and other processes (owned by unprivileged UIDs) use the ps command in a privileged manner to get the status of processes that are not owned by the same UID. These processes do not run set-UID to 0 and the set-UID-on-execution bit of ps is not set. Therefore, to be executed by non-UID 0 processes in a way that exercises privilege, ps must have the fixed privileges required to return the status of other processes placed upon it. When ps is executed, the privilege mechanism propagates the union of the maximum privileges of the parent process and the fixed privileges of ps to the new process. This new process now has the privileges necessary to get the information required.


Next topic: The need for an all-Privileged user
Previous topic: The current privilege model

© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004