Directory and file management

Privileges associated with a file

For every executable file there may be a set of privileges that are acquired when that program is executed via an exec system call. This set of privileges is known as fixed privileges: they are always given to the new program, independent of the privileges of the parent or calling process. Each executable file can have two sets of privileges associated with it that are propagated when that program is executed via an exec system call:

These sets are disjoint, that is, a privilege cannot be defined as both fixed and inheritable for the same file. If an executable file does not require any privileges, then this set is empty.


CAUTION: Privileges associated with a file are removed when the validity information for the file changes (for example, when the file is opened for writing or when the modes of the file change). This removes the file from the Trusted Computing Base; the privileges must be set again in order for the command to run with privilege.



© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 27 April 2004