appropriate_privilege(5) DG/UX R4.11MU05 appropriate_privilege(5)
NAME
appropriate_privilege, privilege, capability - define terms related
to privilege
DESCRIPTION
This man page defines the terms privilege, capability, and
appropriate privilege and identifies some of the differences that
exist between a generic DG/UX system and a DG/UX system with
information security.
Privilege
Privilege is a user's ability to perform an action on a computer
system. On a generic DG/UX system, the amount of privilege a user
has is based on his/her identity: his/her user ID (UID) or group ID
(GID). A regular user has few privileges, and the superuser, who logs
in as root and has a UID of 0, has virtually unlimited privilege.
Regular users may, for example, access their own files or files owned
by their group, change access control lists (ACLs) on files they own,
and cancel their own print jobs. A superuser, on the other hand, has
the privilege to perform all restricted operations, such as mounting
a file system or adding a new user to the system, and to override
access control policies, such as writing to a file whose access
permissions disallow writing.
Capability
By comparison, the features of a DG/UX system with information
security exert more control over the privileges its users have. The
capability feature associates certain privileges with each and every
user on the system and with many of the executable objects on the
system. Users can perform only the actions permitted by their
privileges. If the user does not have the specific capability
required to perform an action, the action will fail.
The authority to perform specific actions is associated with a
capability that may be enabled or disabled for a given user. One
capability might grant the privilege to mount a file system, another
the privilege to override access permissions denying read access to a
file, and yet another the privilege to add users to the system. The
capability mechanism enables your site to grant or deny specific
privileges to people according to their authorized tasks, not
according to the "all or nothing" scheme in a generic UNIX system.
A user's capabilities are defined by administrators with the
authority known as appropriate privilege (defined below). For
example, an administrator, when adding a new user to the system,
selects the capabilities that that user will need to perform his/her
authorized tasks. Each time that user logs in to the system or
otherwise creates a new session under his/her own UID, the user will
have the capabilities included in his/her user account.
Executable objects on the system may also have one or more
capabilities. Most of these are defined by administrators with
appropriate privilege.
Another difference between a generic DG/UX system and a system with
capability is that the capability system, by default, has no
superuser. Instead, users assume administrative roles; a role is a
special account that enables the user to manage part of the system
without having all privileges available on the system. Each role has
appropriate privilege to perform specific restricted operations
and/or to override specific access controls.
Appropriate Privilege
Appropriate privilege is originally a POSIX concept (POSIX.1 [ISO
9945-1]) that Data General has implemented through its Capability
mechanism. It is defined as a user's ability to perform a specific
restricted operation or to override a particular access control
policy, as determined by the capabilities enabled for the user. On a
generic DG/UX system, you have appropriate privilege if you are
superuser (UID=0). On a DG/UX system with information security,
appropriate privilege is granted when one or more specific
capabilities are enabled in the effective capability set of the user.
See the cap_defaults(5) security man page for more information about
effective capability sets.
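The following is an added model, not DG/UX code, that contrasts the two authorization rules described under Capability and Appropriate Privilege above: the generic "UID 0 is superuser" rule against a check of the user's effective capability set. The operation names, capability names (CAP_MOUNT and so on) and sample accounts are constructed for illustration and are not DG/UX identifiers.

```python
# Added model (not DG/UX code): compares the generic "UID 0 is superuser"
# rule with the per-capability rule this man page describes. All
# capability names, operation names and accounts below are constructed.
from dataclasses import dataclass

# Restricted operations named in this man page and the capability each
# one requires in this model (capability names are placeholders).
REQUIRED_CAPABILITY = {
    "mount_filesystem": "CAP_MOUNT",
    "override_read_permission": "CAP_OVERRIDE_READ",
    "add_user": "CAP_ADD_USER",
}

@dataclass(frozen=True)
class Subject:
    name: str
    uid: int
    effective_caps: frozenset = frozenset()  # effective capability set

def generic_policy(subject: Subject, operation: str) -> bool:
    """Generic DG/UX: appropriate privilege iff UID == 0, for every operation."""
    if operation not in REQUIRED_CAPABILITY:
        raise ValueError(f"unknown restricted operation: {operation}")
    return subject.uid == 0

def capability_policy(subject: Subject, operation: str) -> bool:
    """DG/UX with information security: appropriate privilege iff the
    capability the operation requires is in the subject's effective
    capability set. UID 0 confers nothing by itself (no superuser)."""
    required = REQUIRED_CAPABILITY.get(operation)
    if required is None:
        raise ValueError(f"unknown restricted operation: {operation}")
    return required in subject.effective_caps

def audit(subject: Subject, policy) -> dict:
    """Map each restricted operation to whether the policy permits it."""
    return {op: policy(subject, op) for op in REQUIRED_CAPABILITY}

# Constructed sample accounts: a regular user, the generic superuser,
# and an administrative role limited to file-system management.
ALICE = Subject("alice", uid=1001)
ROOT = Subject("root", uid=0)
FS_ADMIN_ROLE = Subject("fsadmin", uid=200,
                        effective_caps=frozenset({"CAP_MOUNT"}))

if __name__ == "__main__":
    for subj in (ALICE, ROOT, FS_ADMIN_ROLE):
        print(subj.name, "generic:", audit(subj, generic_policy))
        print(subj.name, "capability:", audit(subj, capability_policy))
```

The role account can mount a file system but cannot add users or override read permissions, which is the "according to their authorized tasks" granularity the page contrasts with the all-or-nothing superuser.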
SEE ALSO
cap_defaults(5), security(5).
Using Security Features on the DG/UX(®) System in the security
documentation set.
Licensed material--property of copyright holder(s)