HP UX 11i Role-based Access Control (RBAC) Software manual Privilege Model, Compound Privileges


applications using HP-UX RBAC, refer to “Configuring HP-UX RBAC with Fine-Grained Privileges”.

TIP: HP recommends you use HP-UX RBAC to configure applications that require variable privileges to run, depending on who is running the application.

To configure applications to use fine-grained privileges, use the setfilexsec command as follows:

# setfilexsec [options] filename

The options for setfilexsec are as follows:

-d    Deletes any security information for this file from the configuration file and the kernel.

-D    Deletes any security information for this file from the configuration file only. Used to clear security information for a deleted file.

-r    Add or change minimum retained privileges.

-R    Add or change maximum retained privileges.

-p    Add or change minimum permitted privileges.

-P    Add or change maximum permitted privileges.

-f    Sets the security attribute flags.

Privilege Model

When you execute an application (binary file), it becomes a process. Processes have privilege sets associated with them; these privilege sets are generated when you execute the process. A process running from the same binary file can have different privileges at different invocations. Each process has three sets of privileges associated with it. These are the following:

Permitted Privileges

The maximum set of privileges a process can raise. A process can drop any privilege from this set, but cannot add any privileges to this set.

Effective Privileges

The set of privileges that is currently active for a process. A privilege-aware process can modify its effective privileges so that only necessary privileges are active at any given time. A process can remove any privilege from the effective privilege set, but can only add privileges from the permitted privilege set.

The effective privilege set is always a subset of the permitted privilege set.

Retained Privileges

The set of privileges given to a new program by the current process when that process executes a program via the execve() system call. A process can remove privileges from this set, but cannot add privileges to this set.

The retained privilege set is always a subset of the permitted privilege set.
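
The rules for the three sets can be checked with a small model. The following Python sketch is an added example, not code from the HP manual or from HP-UX; the class, its method names and the privilege names PRIV_A and PRIV_B are constructed placeholders. Removing a privilege from the permitted set also removes it from the other two sets so that the subset rules above keep holding; that cascade is a modelling choice, not a statement of kernel behaviour.

```python
class PrivilegeError(Exception):
    """Raised when a requested change would break the privilege model."""


class ProcessPrivs:
    """Toy model of one process's permitted, effective and retained sets."""

    def __init__(self, permitted, effective=(), retained=()):
        self.permitted = frozenset(permitted)
        self.effective = frozenset(effective)
        self.retained = frozenset(retained)
        if not (self.effective <= self.permitted and self.retained <= self.permitted):
            raise PrivilegeError("effective and retained must be subsets of permitted")

    def raise_effective(self, priv):
        # Effective may only grow with privileges already in permitted.
        if priv not in self.permitted:
            raise PrivilegeError(f"{priv} is not in the permitted set")
        self.effective |= {priv}

    def lower_effective(self, priv):
        # Any privilege may be removed from effective at any time.
        self.effective -= {priv}

    def drop_retained(self, priv):
        # Retained can shrink but never grow.
        self.retained -= {priv}

    def drop_permitted(self, priv):
        # Permitted can shrink but never grow. The other two sets follow
        # so they stay subsets of permitted (assumed cascade, see lead-in).
        self.permitted -= {priv}
        self.effective -= {priv}
        self.retained -= {priv}


def demo():
    # Constructed placeholder names, not real HP-UX privilege names.
    p = ProcessPrivs(permitted={"PRIV_A", "PRIV_B"}, retained={"PRIV_B"})
    p.raise_effective("PRIV_A")   # active only around the privileged operation
    p.lower_effective("PRIV_A")
    p.drop_permitted("PRIV_A")    # no longer needed: given up for good
    try:
        p.raise_effective("PRIV_A")
        regained = True
    except PrivilegeError:
        regained = False
    return sorted(p.permitted), sorted(p.effective), sorted(p.retained), regained
```
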

Compound Privileges

Compound privileges are a shorthand way of specifying a set of simple privileges that can be granted to a process as a group.
