[Info-vax] VMS Privileges Versus Linux Capabilities

[abrsvc]

Technically, SETPRV is not a privilege but a flag that allows the setting of privs.  You can't authorize the bit and not have it as default.  Either you are granted the ability or you aren't.

If you follow the principle of least privilege, your account should default to have only TMPMBX, NETMBX, OPER and SETPRV.  Oper will allow you to log on even if interactive logins are disabled and setprv will allow you to add any priv you need when you need it. After completing the task that requires privs, the priv should be removed. 

Dan