Privileges and Interfaces Requiring Privilege

Under the POSIX.6 privilege mechanism, the granting of privilege is based on the combination of privilege attributes belonging to a process (process privilege attributes) and privilege attributes belonging to a file (file privilege attributes). This allows the mechanism to not be based solely on the user: privileges associated with files are also taken into consideration. The POSIX.6 standard does not preclude that a single user be granted all privileges all of the time (the super-user concept), although this absolute granting of privilege is strongly discouraged from being practiced.

The POSIX.1 interfaces that are covered by the POSIX.6 privilege policies (meaning that appropriate privilege is required) include:

• changing the permission of an object,
• changing the owner of an object,
• creating an object,
• creating a new process (exec()),
• killing a process,
• linking or unlinking an object,
• opening an object,
• using a pipe,
• renaming a file,
• removing a directory,
• using setuid/setgid functions,
• setting the umask (default permissions),
• getting the attribute information of an object.

• reading from or writing to an access control list,
• opening an audit trail,
• suspending or resuming the auditing of an application,
• reading from or writing to an information label,
• reading from or writing to a mandatory access control label,
• reading from or writing to the privilege state of a file.