Trusted Solaris Developer's Guide

Check Permitted Privileges

An application can check the permitted privilege set to be sure the application has all privileges it needs to function. This way, if an application is missing a privilege, it can issue an error message to that effect. Continuing without all the needed privileges typically produces error messages that are more difficult to interpret.

The following example gets the permitted set and checks for PRIV_FILE_MAC_WRITE, PRIV_PROC_SETID, and PRIV_FILE_SETPRIV. The PRIV_ISSUBSET macro provides another way (not shown) to check if one privilege set contains all the privileges in another privilege set from within your source code.

 #include <stdio.h>
 #include <tsol/priv.h>

 priv_set_t permitted_privs;

/* Initialize privilege set data structure */
 PRIV_EMPTY(&permitted_privs);

/* Get the permitted set. perror() appends the error text and a newline. */
 if (getppriv(PRIV_PERMITTED, &permitted_privs) == -1) {
	perror("Cannot get list of permitted privileges");
 } else {
	/* Test for privileges in permitted set. */
	if (!PRIV_ISASSERT(&permitted_privs, PRIV_FILE_MAC_WRITE))
		fprintf(stderr, "Need: file_mac_write.\n");

	if (!PRIV_ISASSERT(&permitted_privs, PRIV_PROC_SETID))
		fprintf(stderr, "Need: proc_setid.\n");

	if (!PRIV_ISASSERT(&permitted_privs, PRIV_FILE_SETPRIV))
		fprintf(stderr, "Need: file_setpriv.\n");
 }
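
The subset-style check mentioned above, as an added example that is not from the guide: a portable C model, not the Trusted Solaris API. The pset_* functions, P_* ids, and the sample permitted set are hypothetical and constructed for illustration; it goes beyond the fragment above by returning the number of missing privileges so the caller can stop before doing any work.

```c
/* Portable model of a startup privilege check (added example; not the
 * Trusted Solaris API). Types, ids and function names are hypothetical. */
#include <stdio.h>
#include <string.h>

enum { P_FILE_MAC_WRITE, P_PROC_SETID, P_FILE_SETPRIV, P_COUNT };
static const char *const p_names[P_COUNT] = {
    "file_mac_write", "proc_setid", "file_setpriv"
};

/* One bit per privilege id. */
typedef struct { unsigned char bits[(P_COUNT + 7) / 8]; } pset_t;

static void pset_empty(pset_t *s) { memset(s, 0, sizeof *s); }
static void pset_assert(pset_t *s, int id) { s->bits[id / 8] |= (unsigned char)(1u << (id % 8)); }
static int pset_isassert(const pset_t *s, int id) { return (s->bits[id / 8] >> (id % 8)) & 1; }

/* Subset test: nonzero when every privilege in `need` is also in `have`. */
static int pset_issubset(const pset_t *need, const pset_t *have)
{
    for (size_t i = 0; i < sizeof need->bits; i++)
        if (need->bits[i] & ~have->bits[i])
            return 0;
    return 1;
}

/* Report every missing privilege in one pass; returns how many are missing. */
static int report_missing(const pset_t *need, const pset_t *have, FILE *out)
{
    int missing = 0;
    if (pset_issubset(need, have))      /* common case: nothing to report */
        return 0;
    for (int id = 0; id < P_COUNT; id++)
        if (pset_isassert(need, id) && !pset_isassert(have, id)) {
            fprintf(out, "Need: %s.\n", p_names[id]);
            missing++;
        }
    return missing;
}

int main(void)
{
    pset_t need, have;                  /* `have` is constructed sample data */
    pset_empty(&need); pset_empty(&have);
    for (int id = 0; id < P_COUNT; id++) pset_assert(&need, id);
    pset_assert(&have, P_PROC_SETID);   /* only one of three is permitted */
    return report_missing(&need, &have, stderr) ? 1 : 0;  /* fail before work */
}
```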