How do group privileges work?
HP-UX 9.0 and later allows special attributes to be associated with groups, which allows some superuser-like capabilities to be controlled by defining which groups they are accessible from. In this way it becomes possible to distribute superuser accessible commands to other users without allowing them full access to all other superuser capabilities. Implicitly, the super-user is a member of ALL groups. This allows some (slight) relaxing of UNIX’s ‘all or nothing’ approach to distributing privileged capabilities. Privileged groups are an HP-UX- specific feature. Here is a list of group privileges available in various releases of HP-UX, along with a brief description of the system capabilities that they control: 9.
Updated: 07/11/01 HP-UX 9.0 and later allows special attributes to be associated with groups, which allows some superuser-like capabilities to be controlled by defining which groups they are accessible from. In this way it becomes possible to distribute superuser accessible commands to other users without allowing them full access to all other superuser capabilities. Implicitly, the super-user is a member of ALL groups. This allows some (slight) relaxing of UNIX’s ‘all or nothing’ approach to distributing privileged capabilities. Privileged groups are an HP-UX- specific feature. Here is a list of group privileges available in various releases of HP-UX, along with a brief description of the system capabilities that they control: 9.0 and later ============= o PRIV_RTPRIO – can use rtprio() to set real-time priorities (see rtprio(1) and rtprio(2)) o PRIV_MLOCK – can use plock() to lock process text and data into memory, and the shmctl() SHM_LOCK function to lock shared memory segments (se
