Trusted Solaris Developer's Guide

Remove a Permitted Privilege

You can remove privileges from the permitted set, but once a privilege is removed, it cannot be added back. Only privileges in the permitted set can be in the inheritable set, so do not remove a permitted privilege that needs to be in the inheritable set. This example removes the file_mac_write privilege from the permitted set. The 1 indicates that the parameter list has one privilege constant.

if (set_permitted_priv(PRIV_OFF, 1, PRIV_FILE_MAC_WRITE) == -1)
	perror("Cannot remove file_mac_write from permitted set");

Before this call the permitted set contains these privileges:


executable Permitted = file_mac_write,file_setpriv,proc_setid

After this call the permitted set contains these privileges:


executable Permitted = file_setpriv,proc_setid
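
The ordering constraint described above can be checked with a small stand-alone model. This is an added example, not code from the guide and not the Trusted Solaris API: the model_* functions and P_* constants are hypothetical names, and the model assumes that a privilege dropped from the permitted set also leaves the inheritable set.

```c
#include <stdio.h>

/* Constructed model, not the Trusted Solaris API: one bit per privilege. */
enum { P_FILE_MAC_WRITE = 1 << 0, P_FILE_SETPRIV = 1 << 1, P_PROC_SETID = 1 << 2 };

struct model_proc {
    unsigned permitted;   /* upper bound for the process */
    unsigned inheritable; /* must stay a subset of permitted */
};

/* Removal always succeeds. Assumption of this model: a privilege dropped
 * from permitted also leaves inheritable, so the subset rule keeps holding. */
int model_permitted_off(struct model_proc *p, unsigned privs)
{
    p->permitted &= ~privs;
    p->inheritable &= p->permitted;
    return 0;
}

/* Turning on a privilege that is no longer permitted fails: removal is one-way. */
int model_permitted_on(const struct model_proc *p, unsigned privs)
{
    return (privs & ~p->permitted) ? -1 : 0;
}

/* A privilege can enter inheritable only while it is still permitted. */
int model_inheritable_on(struct model_proc *p, unsigned privs)
{
    if (privs & ~p->permitted)
        return -1;
    p->inheritable |= privs;
    return 0;
}

int main(void)
{
    /* Starting permitted set from the example above. */
    struct model_proc p = { P_FILE_MAC_WRITE | P_FILE_SETPRIV | P_PROC_SETID, 0 };

    printf("inherit proc_setid first: %d\n", model_inheritable_on(&p, P_PROC_SETID));
    printf("drop file_mac_write:      %d\n", model_permitted_off(&p, P_FILE_MAC_WRITE));
    printf("re-add to permitted:      %d\n", model_permitted_on(&p, P_FILE_MAC_WRITE));
    printf("add to inheritable late:  %d\n", model_inheritable_on(&p, P_FILE_MAC_WRITE));
    printf("permitted=0x%x inheritable=0x%x\n", p.permitted, p.inheritable);
    return 0;
}
```

In the model, anything a child process must inherit is placed in the inheritable set before the permitted set is reduced; both later attempts to bring file_mac_write back return -1.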