[Info-vax] VMS Privileges Versus Linux Capabilities
lawrencedo99 at gmail.com
Wed Jun 22 22:03:07 EDT 2016
On Thursday, June 23, 2016 at 9:41:12 AM UTC+12, abrsvc wrote:
> Technically, SETPRV is not a privilege but a flag that allows the setting of
> privs. You can't authorize the bit and not have it as default. Either you
> are granted the ability or you aren't.
Let me see if I remember this:
There are four process privilege masks: authorized, process-permanent, image and current. The current mask defaults to the union of the image and process-permanent masks, and that is the set of privileges in effect for making system service calls (apart from $SETPRV for setting privileges themselves).
The image mask comes from running an image installed with privileges. The authorized mask comes from your login privileges as defined in SYSUAF.DAT. The process-permanent mask initially equals the authorized mask, but can be modified with SET PROCESS/PRIV. You cannot set any process-permanent privilege not in your authorized privileges, unless your authorized privileges include SETPRV, in which case you can set anything.
Does SETPRV have meaning in the image mask? Presumably it would mean being able to set any privilege in the current mask.
Now, look again at <http://man7.org/linux/man-pages/man7/capabilities.7.html>; compare and contrast.
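The mask rules as this post describes them, next to the execve() capability transformation from the linked capabilities(7) page, as an added sketch that is not part of the original message. Function names and sample privilege sets are constructed; the Linux side assumes a non-root process and a file with no set-user-ID or set-group-ID bit.

```python
# Added sketch. VMS side: the rules as the post describes them.
# Linux side: execve() transformation from capabilities(7), simplified to a
# non-root process and a file with no set-user-ID/set-group-ID bit (assumption).

def vms_current(image, process_permanent):
    # Current mask defaults to the union of the image and process-permanent masks.
    return image | process_permanent

def vms_set_process_priv(authorized, process_permanent, wanted):
    # SET PROCESS/PRIV: bounded by the authorized mask unless it holds SETPRV.
    extra = wanted - authorized
    if extra and "SETPRV" not in authorized:
        raise PermissionError("not authorized: " + ", ".join(sorted(extra)))
    return process_permanent | wanted

def linux_execve(p_inh, p_bound, p_amb, f_perm, f_inh, f_eff):
    # A file carrying capabilities is "privileged" and clears the ambient set.
    privileged = bool(f_perm or f_inh or f_eff)
    amb = set() if privileged else set(p_amb)
    permitted = (p_inh & f_inh) | (f_perm & p_bound) | amb
    effective = set(permitted) if f_eff else set(amb)
    return {"permitted": permitted, "effective": effective,
            "inheritable": set(p_inh), "ambient": amb}

def demo():
    # Constructed sample values.
    authorized = {"TMPMBX", "NETMBX"}
    perm = vms_set_process_priv(authorized, {"TMPMBX"}, {"NETMBX"})
    vms = vms_current({"CMKRNL"}, perm)  # image installed with CMKRNL
    lin = linux_execve(
        p_inh={"CAP_NET_RAW"},
        p_bound={"CAP_NET_RAW", "CAP_NET_BIND_SERVICE"},
        p_amb=set(),
        f_perm={"CAP_NET_BIND_SERVICE", "CAP_SYS_ADMIN"},
        f_inh={"CAP_NET_RAW"},
        f_eff=True,
    )
    return vms, lin

if __name__ == "__main__":
    vms, lin = demo()
    print("VMS current:", sorted(vms))
    print("Linux effective:", sorted(lin["effective"]))
```

In this model the VMS image mask is added to the current mask as-is, while the Linux file permitted set is first masked by the process bounding set, so CAP_SYS_ADMIN does not survive the exec.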