Priviledge Groups

Paul Flinders (
Mon, 16 Dec 1996 19:45:31 -0000

Perhaps implementing something like HP-UX priviledge groups
would help solve the link(2) problems that people have been

For those who don't have HP-UX 10 systems handy priviledge
groups associate groups (although I'd do it to the granularity
of users) access to certain system capabilities.

HP-UX defines
Ability to chown(2) files to some other user
Ability to call lockf(2) on files open readonly
Ability to lock pages in physical memory
Ability to set realtime priorities with rtprio(2)
Ability to set realtime priorities with the rtsched() functions
Ability to use setuid(2) and setgid(2)

We could usefully add
Ability to bind to sockets <1024
Ability to use mknod(2)
Ability to create hard links to non-owned files.

Any others?

This would allow those system administrators faced with possible security
problems or quota irregularities to restrict users or groups of users from
being able to carry out possibly anti-social activities and leave those of
with more co-operative users to set up more open systems.

I believe something like priv groups is in the 2.2 wishlist.