Ability domains

QNX SDP8.0Programmer's GuideDeveloper

The process manager supports PROCMGR_ADN_ROOT and PROCMGR_ADN_NONROOT flags that indicate which domain an ability applies to.

These flags let a process further limit what actions can be carried out depending on its effective user ID:
PROCMGR_ADN_ROOT
Modify the ability of the process when it has an effective user ID of 0.
PROCMGR_ADN_NONROOT
Modify the ability of the process when it has an effective user ID other than 0.
The following example shows how you can retain a specific ability for your process, before dropping root privileges. In the following example, the PROCMGR_AID_PATHSPACE ability is being allowed for non-root users:
procmgr_ability( 0, PROCMGR_ADN_NONROOT
                      | PROCMGR_AOP_ALLOW
                      | PROCMGR_AID_PATHSPACE,
                    PROCMGR_AID_EOL);
setreuid(new_user, new_user);
setregid(new_group, new_group);
Page updated: