'\" te .\" Copyright (c) 2004, Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] .TH GETPPRIV 2 "Sep 10, 2004" .SH NAME getppriv, setppriv \- get or set a privilege set .SH SYNOPSIS .LP .nf #include \fBint\fR \fBgetppriv\fR(\fBpriv_ptype_t\fR \fIwhich\fR, \fBpriv_set_t *\fR\fIset\fR); .fi .LP .nf \fBint\fR \fBsetppriv\fR(\fBpriv_op_t\fR \fIop\fR, \fBpriv_ptype_t\fR \fIwhich\fR, \fBpriv_set_t *\fR\fIset\fR); .fi .SH DESCRIPTION .sp .LP The \fBgetppriv()\fR function returns the process privilege set specified by \fIwhich\fR in the set pointed to by \fIset\fR. The memory for \fIset\fR is allocated with \fBpriv_allocset()\fR and freed with \fBpriv_freeset()\fR. Both functions are documented on the \fBpriv_addset\fR(3C) manual page. .sp .LP The \fBsetppriv()\fR function sets or changes the process privilege set. The \fIop\fR argument specifies the operation and can be one of \fBPRIV_OFF\fR, \fBPRIV_ON\fR or \fBPRIV_SET\fR. The \fIwhich\fR argument specifies the name of the privilege set. The \fIset\fR argument specifies the set. .sp .LP If \fIop\fR is \fBPRIV_OFF\fR, the privileges in \fIset\fR are removed from the process privilege set specified by \fIwhich\fR. There are no restrictions on removing privileges from process privileges sets, but the following apply: .RS +4 .TP .ie t \(bu .el o Privileges removed from \fBPRIV_PERMITTED\fR are silently removed from \fBPRIV_EFFECTIVE\fR. .RE .RS +4 .TP .ie t \(bu .el o If privileges are removed from \fBPRIV_LIMIT\fR, they are not removed from the other sets until one of \fBexec\fR(2) functions has successfully completed. .RE .sp .LP If \fIop\fR is \fBPRIV_ON\fR, the privileges in \fIset\fR are added to the process privilege set specified by \fIwhich\fR. The following operations are permitted: .RS +4 .TP .ie t \(bu .el o Privileges in \fBPRIV_PERMITTED\fR can be added to \fBPRIV_EFFECTIVE\fR without restriction. .RE .RS +4 .TP .ie t \(bu .el o Privileges in \fBPRIV_PERMITTED\fR can be added to \fBPRIV_INHERITABLE\fR without restriction. .RE .RS +4 .TP .ie t \(bu .el o All operations that attempt to add privileges that are already present are permitted. .RE .sp .LP If \fIop\fR is \fBPRIV_SET\fR, the privileges in \fIset\fR replace completely the process privilege set specified by \fIwhich\fR. \fBPRIV_SET\fR is implemented in terms of \fBPRIV_OFF\fR and \fBPRIV_ON\fR. The same restrictions apply. .SH RETURN VALUES .sp .LP Upon successful completion, 0 is returned. Otherwise, -1 is returned and \fBerrno\fR is set to indicate the error. .SH ERRORS .sp .LP The \fBgetppriv()\fR and \fBsetppriv()\fR functions will fail if: .sp .ne 2 .na \fB\fBEINVAL\fR\fR .ad .RS 10n The value of \fIop\fR or \fIwhich\fR is out of range. .RE .sp .ne 2 .na \fB\fBEFAULT\fR\fR .ad .RS 10n The \fIset\fR argument points to an illegal address. .RE .sp .LP The \fBsetppriv()\fR function will fail if: .sp .ne 2 .na \fB\fBEPERM\fR\fR .ad .RS 9n The application attempted to add privileges to \fBPRIV_LIMIT\fR or \fBPRIV_PERMITTED\fR, or the application attempted to add privileges to \fBPRIV_INHERITABLE\fR or \fBPRIV_EFFECTIVE\fR which were not in \fBPRIV_PERMITTED\fR. .RE .SH ATTRIBUTES .sp .LP See \fBattributes\fR(7) for descriptions of the following attributes: .sp .sp .TS box; c | c l | l . ATTRIBUTE TYPE ATTRIBUTE VALUE _ Interface Stability Evolving _ MT-Level MT-Safe .TE .SH SEE ALSO .sp .LP .BR priv_addset (3C), .BR attributes (7), .BR privileges (7)